CVE-2021-36057 — Write-what-where Condition in Adobe XMP Toolkit

CWE-123 — Write-what-where Condition5 documents5 sources

Severity

3.3LOWNVD

EPSS

0.0%

top 86.61%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Exempi Project Exempi Adobe XMP Toolkit Adobe XMP Toolkit Software Development KIT +1 more

Timeline

PublishedSep 1

Latest updateMay 24

Description

XMP Toolkit SDK version 2020.1 (and earlier) is affected by a write-what-where condition vulnerability caused during the application's memory allocation process. This may cause the memory management functions to become mismatched resulting in local application denial of service in the context of the current user.

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:LExploitability: 1.8 | Impact: 1.4

Affected Packages3 packages

▶CVEListV5adobe/xmp_toolkitunspecified — 2020.1+1

▶NVDadobe/xmp_toolkit_software_development_kit2020.1

▶Debianexempi_project/exempi< 2.5.2-1+deb11u1+3

Also affects: Debian Linux 10.0

Patches

Patch: helpx.adobe.com ↗Patch: helpx.adobe.com ↗

🔴Vulnerability Details

GHSA

GHSA-426g-wxf4-8rhw: XMP Toolkit SDK version 2020↗2022-05-24

▶

OSV

CVE-2021-36057: XMP Toolkit SDK version 2020↗2021-09-01

▶

CVEList

XMP Toolkit SDK Write-What-Where Condition Could Lead To Local Application Denial Of Service↗2021-09-01

▶

📋Vendor Advisories

Debian

CVE-2021-36057: exempi - XMP Toolkit SDK version 2020.1 (and earlier) is affected by a write-what-where c...↗2021

▶