CVE-2021-43753

Adobe Lightroom versions 4.4 (and earlier) are affected by a use-after-free vulnerability in the processing of parsing TIF files that could result in privilege escalation. Exploitation of this issue requires user interaction in that a victim must open a malicious file.

CVSS v3 7.8 HIGH

7.8^/10

CVSS v3 : HIGH

Vector :

Exploitability : 1.8 / Impact : 5.9

Attack Vector LOCAL

Attack Complexity LOW

Privileges Required NONE

User Interaction REQUIRED

Confidentiality Impact HIGH

Integrity Impact HIGH

Availability Impact HIGH

Scope UNCHANGED

References

Link	Resource
https://helpx.adobe.com/security/products/lightroom/apsb21-119.html	Vendor Advisory

Configurations

Configuration 1 (hide)

AND

cpe:2.3:a:adobe:lightroom:*:*:*:*:*:*:*:*

cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*

History

14 Sep 2023, 15:57

Type	Values Removed	Values Added
First Time		Adobe lightroom Adobe
CPE		cpe:2.3:a:adobe:lightroom::::::::

12 Sep 2023, 14:16

Type	Values Removed	Values Added
References	~~(MISC) https://helpx.adobe.com/security/products/lightroom/apsb21-119.html -~~	(MISC) https://helpx.adobe.com/security/products/lightroom/apsb21-119.html - Vendor Advisory
First Time		Microsoft Microsoft windows
CVSS	v2 : ~~unknown~~ v3 : ~~3.3~~	v2 : unknown v3 : 7.8
CPE		cpe:2.3:o:microsoft:windows:-:::::::*

07 Sep 2023, 13:42

Type	Values Removed	Values Added
New CVE

Information

Published : 2023-09-07 13:15

Updated : 2024-02-28 20:33

NVD link : CVE-2021-43753

Mitre link : CVE-2021-43753

CVE.ORG link : CVE-2021-43753

JSON object : View

Products Affected

microsoft

windows

adobe

lightroom

CWE

CWE-416

Use After Free

{"id": "CVE-2021-43753", "metrics": {"cvssMetricV31": [{"type": "Primary", "source": "psirt@adobe.com", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 7.8, "attackVector": "LOCAL", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "REQUIRED", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "impactScore": 5.9, "exploitabilityScore": 1.8}, {"type": "Secondary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 7.8, "attackVector": "LOCAL", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "REQUIRED", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "impactScore": 5.9, "exploitabilityScore": 1.8}]}, "published": "2023-09-07T13:15:08.230", "references": [{"url": "https://helpx.adobe.com/security/products/lightroom/apsb21-119.html", "tags": ["Vendor Advisory"], "source": "psirt@adobe.com"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Primary", "source": "psirt@adobe.com", "description": [{"lang": "en", "value": "CWE-416"}]}], "descriptions": [{"lang": "en", "value": "Adobe Lightroom versions 4.4 (and earlier) are affected by a use-after-free vulnerability in the processing of parsing TIF files that could result in privilege escalation. Exploitation of this issue requires user interaction in that a victim must open a malicious file."}, {"lang": "es", "value": "Las versiones 4.4 (y anteriores) de Adobe Lightroom est\u00e1n afectadas por una vulnerabilidad de Use-After-Free en el procesamiento de archivos TIF que podr\u00eda provocar una escalada de privilegios. La explotaci\u00f3n de este problema requiere la interacci\u00f3n del usuario en el sentido de que una v\u00edctima debe abrir un archivo malicioso."}], "lastModified": "2023-09-14T15:57:16.997", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:adobe:lightroom:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "8E2E74BF-FEE5-4540-8D1B-F6CBD6C3EE5E", "versionEndExcluding": "5.1"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "A2572D17-1DE6-457B-99CC-64AFD54487EA"}], "operator": "OR"}], "operator": "AND"}], "sourceIdentifier": "psirt@adobe.com"}