Adobe has released an unscheduled critical vulnerability fix ( CVE-2020-9586 ) in its Adobe Character Animator motion capture application. Exploiting the vulnerability allows an attacker to remotely execute code on a vulnerable system.
The buffer overflow problem in the stack affects versions of Adobe Character Animator 3.2 and later and is associated with parsing the BoundingBox element in PostScript.
Adobe has released fixes for other vulnerabilities in its products. One of the problems is with Adobe Premiere Rush video editing software. Exploitation of a read vulnerability outside the buffer ( CVE-2020-9617 ) allows for information disclosure. Users are strongly encouraged to upgrade Adobe Premiere Rush to version 1.5.12.
Adobe Premiere Pro video editing software also contains an off-buffer read vulnerability ( CVE-2020-9616 ) that could be used to disclose information.