CVE-2021-36048

CWE-20 — Improper Input Validation6 documents6 sources

Severity

7.8HIGH

EPSS

0.5%

top 32.21%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Adobe XMP Toolkit Adobe XMP Toolkit Software Development KIT Debian Debian Linux

Timeline

PublishedSep 1

Latest updateJun 16

Description

XMP Toolkit SDK version 2020.1 (and earlier) is affected by an Improper Input Validation vulnerability potentially resulting in arbitrary code execution in the context of the current user. Exploitation requires user interaction in that a victim must open a crafted file.

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:HExploitability: 1.8 | Impact: 5.9

Affected Packages3 packages

▶CVEListV5adobe/xmp_toolkitunspecified — 2020.1+1

▶NVDadobe/xmp_toolkit_software_development_kit2020.1

▶Debianexempi< 2.5.2-1+deb11u1+3

Also affects: Debian Linux 10.0

Patches

Patch: helpx.adobe.com ↗Patch: helpx.adobe.com ↗

🔴Vulnerability Details

GHSA

GHSA-hj8w-jv52-fv86: XMP Toolkit SDK version 2020↗2022-05-24

▶

CVEList

XMP Toolkit SDK Improper Input Validation Could Lead To Arbitrary Code Execution↗2021-09-01

▶

OSV

CVE-2021-36048: XMP Toolkit SDK version 2020↗2021-09-01

▶

📋Vendor Advisories

Ubuntu

Exempi vulnerabilities↗2022-06-16

▶

Debian

CVE-2021-36048: exempi - XMP Toolkit SDK version 2020.1 (and earlier) is affected by an Improper Input Va...↗2021

▶