CVE-2026-47979 (GCVE-0-2026-47979)
Vulnerability from cvelistv5 – Published: 2026-07-14 19:58 – Updated: 2026-07-14 21:14
VLAI
EPSS
VEX
Title
Media Encoder | Out-of-bounds Read (CWE-125)
Summary
Media Encoder is affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to disclose sensitive information. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
Severity
5.5 (Medium)
CWE
- CWE-125 - Out-of-bounds Read (CWE-125)
Assigner
References
1 reference
| URL | Tags |
|---|---|
| https://helpx.adobe.com/security/products/media-e… | vendor-advisory |
Impacted products
2 products
| Vendor | Product | Version | |
|---|---|---|---|
| Adobe | Adobe Media Encoder |
Affected:
0 , ≤ 26.2.2
(semver)
Unaffected: 26.3 (semver) |
|
| Adobe | Adobe Media Encoder |
Affected:
0 , ≤ 25.6.5
(semver)
Unaffected: 25.6.6 (semver) |
Date Public
2026-07-14 17:00
{
"containers": {
"cna": {
"affected": [
{
"defaultStatus": "affected",
"product": "Adobe Media Encoder",
"vendor": "Adobe",
"versions": [
{
"lessThanOrEqual": "26.2.2",
"status": "affected",
"version": "0",
"versionType": "semver"
},
{
"status": "unaffected",
"version": "26.3",
"versionType": "semver"
}
]
},
{
"defaultStatus": "affected",
"product": "Adobe Media Encoder",
"vendor": "Adobe",
"versions": [
{
"lessThanOrEqual": "25.6.5",
"status": "affected",
"version": "0",
"versionType": "semver"
},
{
"status": "unaffected",
"version": "25.6.6",
"versionType": "semver"
}
]
}
],
"datePublic": "2026-07-14T17:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Media Encoder is affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to disclose sensitive information. Exploitation of this issue requires user interaction in that a victim must open a malicious file."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"availabilityRequirement": "NOT_DEFINED",
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"confidentialityRequirement": "NOT_DEFINED",
"environmentalScore": 5.5,
"environmentalSeverity": "MEDIUM",
"exploitCodeMaturity": "NOT_DEFINED",
"integrityImpact": "NONE",
"integrityRequirement": "NOT_DEFINED",
"modifiedAttackComplexity": "LOW",
"modifiedAttackVector": "LOCAL",
"modifiedAvailabilityImpact": "NONE",
"modifiedConfidentialityImpact": "HIGH",
"modifiedIntegrityImpact": "NONE",
"modifiedPrivilegesRequired": "NONE",
"modifiedScope": "UNCHANGED",
"modifiedUserInteraction": "REQUIRED",
"privilegesRequired": "NONE",
"remediationLevel": "NOT_DEFINED",
"reportConfidence": "NOT_DEFINED",
"scope": "UNCHANGED",
"temporalScore": 5.5,
"temporalSeverity": "MEDIUM",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-125",
"description": "Out-of-bounds Read (CWE-125)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-07-14T21:14:32.236Z",
"orgId": "078d4453-3bcd-4900-85e6-15281da43538",
"shortName": "adobe"
},
"references": [
{
"tags": [
"vendor-advisory"
],
"url": "https://helpx.adobe.com/security/products/media-encoder/apsb26-72.html"
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "Media Encoder | Out-of-bounds Read (CWE-125)",
"x_generator": {
"engine": "cvelib 1.8.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "078d4453-3bcd-4900-85e6-15281da43538",
"assignerShortName": "adobe",
"cveId": "CVE-2026-47979",
"datePublished": "2026-07-14T19:58:54.039Z",
"dateReserved": "2026-05-20T15:50:31.366Z",
"dateUpdated": "2026-07-14T21:14:32.236Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2",
"vulnerability-lookup:meta": {
"nvd": "{\"cve\":{\"id\":\"CVE-2026-47979\",\"sourceIdentifier\":\"psirt@adobe.com\",\"published\":\"2026-07-14T21:16:57.240\",\"lastModified\":\"2026-07-14T22:17:00.380\",\"vulnStatus\":\"Received\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"Media Encoder is affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to disclose sensitive information. Exploitation of this issue requires user interaction in that a victim must open a malicious file.\"}],\"affected\":[{\"source\":\"psirt@adobe.com\",\"affectedData\":[{\"vendor\":\"Adobe\",\"product\":\"Adobe Media Encoder\",\"defaultStatus\":\"affected\",\"versions\":[{\"version\":\"0\",\"lessThanOrEqual\":\"26.2.2\",\"versionType\":\"semver\",\"status\":\"affected\"},{\"version\":\"26.3\",\"versionType\":\"semver\",\"status\":\"unaffected\"}]},{\"vendor\":\"Adobe\",\"product\":\"Adobe Media Encoder\",\"defaultStatus\":\"affected\",\"versions\":[{\"version\":\"0\",\"lessThanOrEqual\":\"25.6.5\",\"versionType\":\"semver\",\"status\":\"affected\"},{\"version\":\"25.6.6\",\"versionType\":\"semver\",\"status\":\"unaffected\"}]}]}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"psirt@adobe.com\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N\",\"baseScore\":5.5,\"baseSeverity\":\"MEDIUM\",\"attackVector\":\"LOCAL\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"REQUIRED\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"NONE\"},\"exploitabilityScore\":1.8,\"impactScore\":3.6}]},\"weaknesses\":[{\"source\":\"psirt@adobe.com\",\"type\":\"Secondary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-125\"}]}],\"references\":[{\"url\":\"https://helpx.adobe.com/security/products/media-encoder/apsb26-72.html\",\"source\":\"psirt@adobe.com\"}]}}"
}
}
Loading…
Loading…
Experimental. This forecast is provided for visualization only and may change without notice. Do not use it for operational decisions.
Forecast uses a logistic model when the trend is rising, or an exponential decay model when the trend is falling. Fitted via linearized least squares.
Sightings
| Author | Source | Type | Date | Other |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…