XMP Toolkit SDK Heap-based Buffer Overflow in the PSD_MetaHandler::CacheFileData Could Lead To Application Denial Of Service
CVE-2021-36054

3.3LOW

Key Information:

Vendor
Adobe
Status
Xmp Toolkit
Vendor
CVE Published:
1 September 2021

Summary

XMP Toolkit SDK version 2020.1 (and earlier) is affected by a buffer overflow vulnerability potentially resulting in local application denial of service in the context of the current user. Exploitation requires user interaction in that a victim must open a crafted file.

Affected Version(s)

XMP Toolkit <= 2020.1

XMP Toolkit <= unspecified

References

https://helpx.adobe.com/security/products/xmpcore/apsb21-...
https://lists.debian.org/debian-lts-announce/2023/09/msg0...
mailing-list

CVSS V3.1

Score:
3.3
Severity:
LOW
Confidentiality:
None
Integrity:
None
Availability:
None
Attack Vector:
Local
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
Required
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.