CVE-2021-40716

CWE-125 — Out-of-bounds Read6 documents6 sources

Severity

5.5MEDIUM

EPSS

0.3%

top 51.38%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Adobe XMP Toolkit Adobe XMP Toolkit Software Development KIT Debian Debian Linux

Timeline

PublishedSep 29

Latest updateJun 16

Description

XMP Toolkit SDK versions 2021.07 (and earlier) are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file.

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:NExploitability: 1.8 | Impact: 3.6

Affected Packages3 packages

▶CVEListV5adobe/xmp_toolkitunspecified — 2021.07+1

▶NVDadobe/xmp_toolkit_software_development_kit2021.07

▶Debianexempi< 2.5.2-1+deb11u1+3

Also affects: Debian Linux 10.0

🔴Vulnerability Details

GHSA

GHSA-h9rm-h58w-49mj: XMP Toolkit SDK versions 2021↗2022-05-24

▶

CVEList

XMP Toolkit SDK SVG_Adapter Out-of-bounds Read Information Disclosure↗2021-09-29

▶

OSV

CVE-2021-40716: XMP Toolkit SDK versions 2021↗2021-09-29

▶

📋Vendor Advisories

Ubuntu

Exempi vulnerabilities↗2022-06-16

▶

Debian

CVE-2021-40716: exempi - XMP Toolkit SDK versions 2021.07 (and earlier) are affected by an out-of-bounds ...↗2021

▶