Adobe Lightroom TIF File Parsing Use-After-Free Information Disclosure Vulnerability
CVE-2021-43753

7.8HIGH

Key Information:

Vendor: Adobe
Status: Lightroom Desktop
Vendor: CVE Published:; 7 September 2023

Summary

A use-after-free vulnerability exists in Adobe Lightroom version 4.4 and earlier when processing TIF files. This vulnerability could potentially allow an attacker to escalate privileges if a user interacts with a maliciously crafted TIF file. Exploitation of this flaw necessitates user action, as the victim must open the malicious file for the attack to succeed. Users are advised to be cautious when handling TIF files to minimize risks.

Affected Version(s)

Lightroom Desktop 0 <= 4.4

References

https://helpx.adobe.com/security/products/lightroom/apsb2...

vendor-advisory

CVSS V3.1

Score:

7.8

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Local

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

Required

Scope:

Unchanged

Timeline

Vulnerability published
Sep 7, 2023
Vulnerability Reserved
Nov 15, 2021