CVE-2021-36045Out-of-bounds Read in Adobe XMP Toolkit

CWE-125Out-of-bounds Read6 documents6 sources
Severity
3.3LOWNVD
EPSS
0.3%
top 47.02%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
4
Exempi Project ExempiAdobe XMP ToolkitAdobe XMP Toolkit Software Development KIT+1 more
Timeline
PublishedSep 1
Latest updateJun 16

Description

XMP Toolkit SDK versions 2020.1 (and earlier) are affected by an out-of-bounds read vulnerability that could lead to disclosure of arbitrary memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file.

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:NExploitability: 1.8 | Impact: 1.4

Affected Packages3 packages

CVEListV5adobe/xmp_toolkitunspecified2020.1+1
Debianexempi_project/exempi< 2.5.2-1+deb11u1+3

Also affects: Debian Linux 10.0

Patches

Patch: helpx.adobe.comPatch: helpx.adobe.com

🔴Vulnerability Details

3
GHSA
GHSA-vv37-c88j-jq3p: XMP Toolkit SDK versions 20202022-05-24
CVEList
XMP Toolkit SDK Out-of-bounds Read Vulnerability In PostScriptSupport::ConvertToDate Could Lead To Information Exposure2021-09-01
OSV
CVE-2021-36045: XMP Toolkit SDK versions 20202021-09-01

📋Vendor Advisories

2
Ubuntu
Exempi vulnerabilities2022-06-16
Debian
CVE-2021-36045: exempi - XMP Toolkit SDK versions 2020.1 (and earlier) are affected by an out-of-bounds r...2021
CVE-2021-36045 — Out-of-bounds Read in Adobe | cvebase