Adobe developers have released unscheduled patch to fix three vulnerabilities found in the Media Encoder tool, which is used to encode audio and video in various formats.
Three of the issues identified were identified as CVE-2020-9739, CVE-2020-9744, and CVE-2020-9745 and represent out-of-bound reading issues that could eventually lead to disclosure and information leakage in the context of the current user.
All three vulnerabilities are rated Important and pose a threat to Adobe Media Encoder 14.4 (both Windows and Mac). Each vulnerability was assigned priority 3, which means that, in the opinion of Adobe, attacks on these bugs were not and are not expected.
Last week, as part of the September "Update Tuesday", Adobe developers also fixed a number of vulnerabilities in Adobe Experience Manager, InDesign and Framemaker. And these problems were much more serious than the recent bugs in Media Encoder.
Five more vulnerabilities (CVE-2020-9727, CVE-2020-9728, CVE-2020-9729, CVE-2020-9730, and CVE-2020-9731) have been fixed as part of Adobe indesign and affected versions 15.1.1 and below. These bugs could lead to the execution of arbitrary code in the context of the current user and were associated with a violation of the integrity of information in memory.
Adobe framemaker got a security update too. In particular, two critical vulnerabilities related to out-of-bound reading and stack buffer overflow were patched (CVE-2020-9726, CVE-2020-9725). Their exploitation could lead to the execution of arbitrary code.