Adobe Security Bulletin

Last updated on 11 Oct 2021

Security Updates Available for Adobe Bridge | APSB21-69

Bulletin ID	Date Published	Priority
APSB21-69	August 17, 2021	3

Summary

Adobe has released a security update for Adobe Bridge. This update addresses one moderate, one important and multiple  critical vulnerabilities that could lead to arbitrary code execution in the context of the current user.      

Affected Versions

Product	Version	Platform
Adobe Bridge	11.1 and earlier versions	Windows

Solution

Adobe categorizes these updates with the following priority ratings and recommends users update their installation to the newest version via the Creative Cloud desktop app's update mechanism.  For more information, please reference this help page.  

Product	Version	Platform	Priority	Availability
Adobe Bridge	11.1.1	Windows and macOS	3	Download Page
Adobe Bridge	10.1.3	Windows and macOS	3	Download Page

Vulnerability details

Vulnerability Category	Vulnerability Impact	Severity	CVSS base score	CVSS vector	CVE Numbers
Out-of-bounds Write (CWE-787)	Arbitrary code execution	Critical	7.8	CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H	CVE-2021-36072
Access of Memory Location After End of Buffer (CWE-788)	Arbitrary code execution	Critical	8.8	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H	CVE-2021-36078
Heap-based Buffer Overflow (CWE-122)	Arbitrary code execution	Critical	7.8	CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H	CVE-2021-36073
Out-of-bounds Read (CWE-125)	Arbitrary code execution	Critical	7.8	CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H	CVE-2021-36079
Out-of-bounds Read (CWE-125)	Memory leak	Critical	7.8	CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H	CVE-2021-36074
Buffer Overflow (CWE-120)	Arbitrary code execution	Critical	7.8	CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H	CVE-2021-36075
Access of Memory Location After End of Buffer (CWE-788)	Application denial-of-service	Important	5.5	CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H	CVE-2021-36077
Out-of-bounds Read (CWE-125)	Arbitrary file system read	Moderate	3.3	CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N	CVE-2021-36071
Access of Memory Location After End of Buffer (CWE-788)	Arbitrary code execution	Critical	7.8	CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H	CVE-2021-36067 CVE-2021-36068 CVE-2021-36069 CVE-2021-36049 CVE-2021-36076 CVE-2021-36059

Acknowledgments

Adobe would like to thank the following researchers for reporting these issues and for working with Adobe to help protect our customers:  

CFF of Topsec Alpha Team (cff_123) (CVE-2021-36067, CVE-2021-36068, CVE-2021-36069, CVE-2021-36075, CVE-2021-36076, CVE-2021-36059, CVE-2021-39816, CVE-2021-39817)  
CQY of Topsec Alpha Team (yjdfy) (CVE-2021-36049, CVE-2021-36077)
Kdot working with Trend Micro Zero Day Initiative (CVE-2021-36072, CVE-2021-36073)
Qiao Li Of Baidu Security Lab working with Trend Micro Zero Day Initiative (CVE-2021-36078)
Mat Powell of Trend Micro Zero Day Initiative (CVE-2021-36079, CVE-2021-36074, CVE-2021-36071)

For more information, visit https://helpx.adobe.com/security.html , or email PSIRT@adobe.com

Adobe

Get help faster and easier

New user?