Adobe After Effects
Don't miss out!
Thousands of developers use stack.watch to stay informed.Get an email whenever new security vulnerabilities are reported in Adobe After Effects.
By the Year
In 2026 there have been 15 vulnerabilities in Adobe After Effects with an average score of 7.5 out of ten. Last year, in 2025 After Effects had 9 security vulnerabilities published. That is, 6 more vulnerabilities have already been reported in 2026 as compared to last year. However, the average CVE base score of the vulnerabilities in 2026 is greater by 1.48.
| Year | Vulnerabilities | Average Score |
|---|---|---|
| 2026 | 15 | 7.49 |
| 2025 | 9 | 6.01 |
| 2024 | 13 | 6.74 |
| 2023 | 22 | 5.95 |
| 2022 | 0 | 0.00 |
| 2021 | 1 | 7.80 |
| 2020 | 6 | 9.80 |
| 2019 | 1 | 7.80 |
It may take a day or so for new After Effects vulnerabilities to show up in the stats or in the list of recent security vulnerabilities. Additionally vulnerabilities may be tagged under a different product or component name.
Recent Adobe After Effects Security Vulnerabilities
Adobe After Effects <=25.6 UAF Vulnerability (CVE-2026-21329)
CVE-2026-21329
7.8 - High
- February 10, 2026
After Effects versions 25.6 and earlier are affected by a Use After Free vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
Dangling pointer
Adobe After Effects 25.6 UAF CVE-2026-21323
CVE-2026-21323
7.8 - High
- February 10, 2026
After Effects versions 25.6 and earlier are affected by a Use After Free vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
Dangling pointer
After Effects v25.6 OOB Read Allows Code Exec via Malicious File
CVE-2026-21324
7.8 - High
- February 10, 2026
After Effects versions 25.6 and earlier are affected by an out-of-bounds read vulnerability when parsing a crafted file, which could result in a read past the end of an allocated memory structure. An attacker could leverage this vulnerability to execute code in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
Out-of-bounds Read
Adobe After Effects 25.6 UAF (Arb Code Exec, User Interaction)
CVE-2026-21326
7.8 - High
- February 10, 2026
After Effects versions 25.6 and earlier are affected by a Use After Free vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
Dangling pointer
After Effects 25.6 and Earlier OOB Read in File Parser, Code Exec
CVE-2026-21322
7.8 - High
- February 10, 2026
After Effects versions 25.6 and earlier are affected by an out-of-bounds read vulnerability when parsing a crafted file, which could result in a read past the end of an allocated memory structure. An attacker could leverage this vulnerability to execute code in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
Out-of-bounds Read
Adobe After Effects <=25.6 OOB Write -> RCE via Malicious File
CVE-2026-21318
7.8 - High
- February 10, 2026
After Effects versions 25.6 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
Memory Corruption
Adobe After Effects OOB Write Vulnerability (25.6) CVE-2026-21328
CVE-2026-21328
7.8 - High
- February 10, 2026
After Effects versions 25.6 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
Memory Corruption
Adobe After Effects <=25.6 OOB Read
CVE-2026-21319
5.5 - Medium
- February 10, 2026
After Effects versions 25.6 and earlier are affected by an Out-of-bounds Read vulnerability that could lead to memory exposure. An attacker could leverage this vulnerability to access sensitive information stored in memory. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
Out-of-bounds Read
Adobe After Effects <=25.6: NULL Pointer Deref DoS via Malicious File
CVE-2026-21350
5.5 - Medium
- February 10, 2026
After Effects versions 25.6 and earlier are affected by a NULL Pointer Dereference vulnerability that could lead to application denial-of-service. An attacker could exploit this vulnerability to crash the application, causing disruption to services. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
NULL Pointer Dereference
After Effects 25.6 and earlier: Type Confusion CVE-2026-21330
CVE-2026-21330
7.8 - High
- February 10, 2026
After Effects versions 25.6 and earlier are affected by an Access of Resource Using Incompatible Type ('Type Confusion') vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
Object Type Confusion
After Effects <=25.6 OOB Read in Parser Code Exec
CVE-2026-21325
7.8 - High
- February 10, 2026
After Effects versions 25.6 and earlier are affected by an out-of-bounds read vulnerability when parsing a crafted file, which could result in a read past the end of an allocated memory structure. An attacker could leverage this vulnerability to execute code in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
Out-of-bounds Read
Adobe After Effects: OOB Write (Arbitrary Code Exec) v25.6-
CVE-2026-21327
7.8 - High
- February 10, 2026
After Effects versions 25.6 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
Memory Corruption
Adobe After Effects <=25.6 Use-After-Free Arbitrary Code Exec
CVE-2026-21320
7.8 - High
- February 10, 2026
After Effects versions 25.6 and earlier are affected by a Use After Free vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
Dangling pointer
Adobe After Effects UAFL exploitable via malicious file (<=25.6)
CVE-2026-21351
7.8 - High
- February 10, 2026
After Effects versions 25.6 and earlier are affected by a Use After Free vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
Dangling pointer
Adobe AE <=25.6: Integer Overflow permits arbitrary code exec via file
CVE-2026-21321
7.8 - High
- February 10, 2026
After Effects versions 25.6 and earlier are affected by an Integer Overflow or Wraparound vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
Integer Overflow or Wraparound
Adobe AE 25.2/24.6.6 NULL Pointer Deref DoS
CVE-2025-47109
5.5 - Medium
- July 08, 2025
After Effects versions 25.2, 24.6.6 and earlier are affected by a NULL Pointer Dereference vulnerability that could lead to application denial-of-service. An attacker could exploit this vulnerability to crash the application, causing disruption to services. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
NULL Pointer Dereference
Adobe After Effects OOB Read (cve-2025-43587) before 25.2, 24.6.6
CVE-2025-43587
5.5 - Medium
- July 08, 2025
After Effects versions 25.2, 24.6.6 and earlier are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
Out-of-bounds Read
Adobe AE <=24.6.4/25.1 OOB Read Exposing Sensitive Memory
CVE-2025-27187
5.5 - Medium
- April 08, 2025
After Effects versions 25.1, 24.6.4 and earlier are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
Out-of-bounds Read
Adobe After Effects OOB Read in File Parser before v25.2
CVE-2025-27186
5.5 - Medium
- April 08, 2025
After Effects versions 25.1, 24.6.4 and earlier are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
Out-of-bounds Read
NULL Ptr Deref in After Effects <25.2 Causes DoS (User-Interaction Required)
CVE-2025-27185
5.5 - Medium
- April 08, 2025
After Effects versions 25.1, 24.6.4 and earlier are affected by a NULL Pointer Dereference vulnerability that could result in an application denial-of-service. An attacker could exploit this vulnerability to crash the application, leading to a denial-of-service condition. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
NULL Pointer Dereference
Adobe After Effects 25.1 OOB Read Vulnerability
CVE-2025-27184
5.5 - Medium
- April 08, 2025
After Effects versions 25.1, 24.6.4 and earlier are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
Out-of-bounds Read
After Effects <=25.1 OOB Write => Arbitrary Code Exec
CVE-2025-27183
7.8 - High
- April 08, 2025
After Effects versions 25.1, 24.6.4 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
Memory Corruption
Adobe AE OOB Write CVE-2025-27182 25.1/24.6.4&prior Code Exec
CVE-2025-27182
7.8 - High
- April 08, 2025
After Effects versions 25.1, 24.6.4 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
Memory Corruption
Adobe After Effects OOB Read Vulnerability (v <25.2)
CVE-2025-27204
5.5 - Medium
- April 08, 2025
After Effects versions 25.1, 24.6.4 and earlier are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
Out-of-bounds Read
Adobe After Effects Stack-based Buffer Overflow Vulnerability
CVE-2024-49537
7.8 - High
- December 10, 2024
After Effects versions 24.6.2, 25.0.1 and earlier are affected by a Stack-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
Memory Corruption
Adobe After Effects Out-of-Bounds Write Vulnerability
CVE-2024-47441
7.8 - High
- November 12, 2024
After Effects versions 23.6.9, 24.6.2 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
Memory Corruption
Adobe After Effects Out-of-Bounds Write Vulnerability
CVE-2024-47442
7.8 - High
- November 12, 2024
After Effects versions 23.6.9, 24.6.2 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
Memory Corruption
Adobe After Effects Out-of-Bounds Write Vulnerability
CVE-2024-47443
7.8 - High
- November 12, 2024
After Effects versions 23.6.9, 24.6.2 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
Memory Corruption
Adobe After Effects Out-of-Bounds Read Vulnerability
CVE-2024-47444
5.5 - Medium
- November 12, 2024
After Effects versions 23.6.9, 24.6.2 and earlier are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
Out-of-bounds Read
Adobe After Effects Out-of-Bounds Read Vulnerability
CVE-2024-47445
5.5 - Medium
- November 12, 2024
After Effects versions 23.6.9, 24.6.2 and earlier are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
Out-of-bounds Read
Adobe After Effects Out-of-Bounds Read Vulnerability
CVE-2024-47446
5.5 - Medium
- November 12, 2024
After Effects versions 23.6.9, 24.6.2 and earlier are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
Out-of-bounds Read
Adobe After Effects OOB Read pre-24.5 ASLR Bypass Vulnerability
CVE-2024-41867
5.5 - Medium
- September 13, 2024
After Effects versions 23.6.6, 24.5 and earlier are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
Out-of-bounds Read
Adobe After Effects OOB Write in File Parser UE 23.6.6/24.5
CVE-2024-41859
7.8 - High
- September 13, 2024
After Effects versions 23.6.6, 24.5 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
Memory Corruption
Adobe After Effects OOB read in 23.6.6/24.5 (CVE-2024-39382)
CVE-2024-39382
5.5 - Medium
- September 13, 2024
After Effects versions 23.6.6, 24.5 and earlier are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
Out-of-bounds Read
Adobe After Effects OOB Write 24.5 Causing Arbitrary Code Exec
CVE-2024-39381
7.8 - High
- September 13, 2024
After Effects versions 23.6.6, 24.5 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
Memory Corruption
Adobe After Effects Heap Buffer Overflow before 24.5 (CVE-2024-39380)
CVE-2024-39380
7.8 - High
- September 13, 2024
After Effects versions 23.6.6, 24.5 and earlier are affected by a Heap-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
Buffer Overflow
OOB Read in Adobe AE 24.1 (CVE202420737)
CVE-2024-20737
5.5 - Medium
- April 10, 2024
After Effects versions 24.1, 23.6.2 and earlier are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
Out-of-bounds Read
Adobe After Effects 24.0.3 OOB Read Bypass ASLR
CVE-2023-48635
5.5 - Medium
- December 13, 2023
Adobe After Effects versions 24.0.3 (and earlier) and 23.6.0 (and earlier) are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
Out-of-bounds Read
Adobe After Effects UAF before 24.0.3 / 23.6.0 leads to Code Exec
CVE-2023-48633
7.8 - High
- December 13, 2023
Adobe After Effects versions 24.0.3 (and earlier) and 23.6.0 (and earlier) are affected by a Use After Free vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
Dangling pointer
Adobe AE 24.0.3/23.6.0 Improper Input Validation Arbitrary Code Exec
CVE-2023-48634
7.8 - High
- December 13, 2023
Adobe After Effects versions 24.0.3 (and earlier) and 23.6.0 (and earlier) are affected by an Improper Input Validation vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
Adobe After Effects OOB Write CVE-2023-48632 (before v24.0.3 & v23.6.0)
CVE-2023-48632
7.8 - High
- December 13, 2023
Adobe After Effects versions 24.0.3 (and earlier) and 23.6.0 (and earlier) are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
Memory Corruption
Adobe AE OOBW in 24.0.2 and 23.6 allows code exec
CVE-2023-47070
7.8 - High
- November 17, 2023
Adobe After Effects version 24.0.2 (and earlier) and 23.6 (and earlier) are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
Adobe AE 24.0.2/23.6 OOB write -> 0day code exec
CVE-2023-47073
7.8 - High
- November 17, 2023
Adobe After Effects version 24.0.2 (and earlier) and 23.6 (and earlier) are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
Memory Corruption
Adobe AE 24.0.2 Unint Ptr (AUP) Disclosure ASLR Bypass via Malicious File
CVE-2023-47072
3.3 - Low
- November 17, 2023
Adobe After Effects version 24.0.2 (and earlier) and 23.6 (and earlier) are affected by an Access of Uninitialized Pointer vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
Adobe After Effects OOB Read (v24.0.2 & v23.6) Exec upon File Open
CVE-2023-47066
7.8 - High
- November 17, 2023
Adobe After Effects version 24.0.2 (and earlier) and 23.6 (and earlier) are affected by an out-of-bounds read vulnerability when parsing a crafted file, which could result in a read past the end of an allocated memory structure. An attacker could leverage this vulnerability to execute code in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
Adobe AE OOB Read CVE-2023-47067 (v24.0.2/23.6 and earlier)
CVE-2023-47067
7.8 - High
- November 17, 2023
Adobe After Effects version 24.0.2 (and earlier) and 23.6 (and earlier) are affected by an out-of-bounds read vulnerability when parsing a crafted file, which could result in a read past the end of an allocated memory structure. An attacker could leverage this vulnerability to execute code in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
Adobe AE OOB Read 24.0.2 and Earlier
CVE-2023-47069
7.8 - High
- November 17, 2023
Adobe After Effects version 24.0.2 (and earlier) and 23.6 (and earlier) are affected by an out-of-bounds read vulnerability when parsing a crafted file, which could result in a read past the end of an allocated memory structure. An attacker could leverage this vulnerability to execute code in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
Adobe After Effects 24.0.2/23.6 OOBR Disclosure
CVE-2023-47071
5.5 - Medium
- November 17, 2023
Adobe After Effects version 24.0.2 (and earlier) and 23.6 (and earlier) are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
Out-of-bounds Read
Adobe AE OOB Read (22.0) Sensitive Mem Disclosure
CVE-2021-44195
3.3 - Low
- September 07, 2023
Adobe After Effects versions 22.0 (and earlier) and 18.4.2 (and earlier) are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
Out-of-bounds Read
Adobe After Effects <22.0 OOB Read: Sensitive Memory Disclosure (CVE-2021-44190)
CVE-2021-44190
3.3 - Low
- September 07, 2023
Adobe After Effects versions 22.0 (and earlier) and 18.4.2 (and earlier) are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
Out-of-bounds Read
Stay on top of Security Vulnerabilities
Want an email whenever new vulnerabilities are published for Adobe After Effects or by Adobe? Click the Watch button to subscribe.
