XMP Toolkit SDK Improper Input Validation Could Lead To Arbitrary Code Execution
CVE-2021-36048

7.8HIGH

Key Information:

Vendor: Adobe
Status: Xmp Toolkit
Vendor: CVE Published:; 1 September 2021

Summary

XMP Toolkit SDK version 2020.1 (and earlier) is affected by an Improper Input Validation vulnerability potentially resulting in arbitrary code execution in the context of the current user. Exploitation requires user interaction in that a victim must open a crafted file.

Affected Version(s)

XMP Toolkit <= 2020.1

XMP Toolkit <= unspecified

References

https://helpx.adobe.com/security/products/xmpcore/apsb21-...

https://lists.debian.org/debian-lts-announce/2023/09/msg0...

mailing-list

CVSS V3.1

Score:

7.8

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Local

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

Required

Scope:

Unchanged

Timeline

Vulnerability published
Sep 1, 2021
Vulnerability Reserved
Jun 30, 2021