3Corns

CVE-2026-48309 - Adobe Audition Out Of Bounds Write Vulnerability

Adobe Systems Incorporated

Security Updates Available for Adobe Audition

Adobe Audition is affected by an out-of-bounds write vulnerability — a flaw in which the application writes data beyond the boundaries of an allocated memory buffer, or to memory locations that are otherwise invalid. This type of flaw is a common cause of memory corruption, which can destabilize the application or be leveraged to alter program behavior. In the case of this vulnerability, exploitation could result in arbitrary code execution in the context of the current user. However, exploitation is not automatic: it requires user interaction, as a victim must first open a specially crafted malicious file for the vulnerability to be triggered.

Out Of Bounds Write Exploit Example - The product writes data past the end, or before the beginning, of the intended buffer.

The product writes data past the end, or before the beginning, of the intended buffer.

Example 1: The following code attempts to save four different identification numbers into an array.

int id_sequence[3];

/* Populate the id array. */

id_sequence[0] = 123;

id_sequence[1] = 234;

id_sequence[2] = 345;

id_sequence[3] = 456;

Because the array was allocated with space for only three elements, its valid index range is 0 through 2 — meaning the assignment to id_sequence[3] falls outside those bounds

Example 2: In the following code, it is possible to request that memcpy move a much larger segment of memory than assumed:

Example Language: C

int returnChunkSize(void *) {

/* if chunk info is valid, return the size of usable memory,

* else, return -1 to indicate an error

*/

...

}

int main() {

...

memcpy(destBuf, srcBuf, (returnChunkSize(destBuf)-1));

...

}

If an error occurs, returnChunkSize() will return -1. However, this return value is not validated before being used in the memcpy operation (CWE-252), which allows -1 to be passed as the size argument to memcpy() (CWE-805). Since memcpy() treats this value as unsigned, -1 is reinterpreted as MAXINT-1 (CWE-195) — a massive number that causes the function to copy far more memory than the destination buffer can actually hold (CWE-787, CWE-788)

Affected Versions
Product Version Platform
Adobe Audition 26.0 and earlier versions  Windows and macOS
Adobe Audition 25.6.4 and earlier versions Windows and macOS

Solution
Adobe categorizes these updates with the following priority ratings and recommends users update their installation to the newest version via the Creative Cloud desktop app’s update mechanism. For more information, please reference this help page.

Product Version Platform Availability
Adobe Audition 26.0 Windows and macOS Download Center
Adobe Audition 25.6.4 Windows and macOS Download Center

Vulnerability Details

Severity CVSS base score
CVSS vector
CVE number
Out-of-bounds Write (CWE-787) Arbitrary code execution Critical 7.8 CVE-2026-47967
Out-of-bounds Write (CWE-787) Arbitrary code execution Critical 7.8 CVE-2026-47968
Out-of-bounds Write (CWE-787) Arbitrary code execution Critical 7.8 CVE-2026-48309
Out-of-bounds Write (CWE-787) Arbitrary code execution Critical 7.8 CVE-2026-48368
Out-of-bounds Write (CWE-787) Arbitrary code execution Critical 7.8 CVE-2026-48365
Out-of-bounds Read (CWE-125) Memory exposure Important 5.5 CVE-2026-47969