XMP Toolkit SDK Write-What-Where Condition Could Lead To Local Application Denial Of Service
CVE-2021-36057

4MEDIUM

Key Information:

Vendor: Adobe
Status: Xmp Toolkit
Vendor: CVE Published:; 1 September 2021

Summary

XMP Toolkit SDK version 2020.1 (and earlier) is affected by a write-what-where condition vulnerability caused during the application's memory allocation process. This may cause the memory management functions to become mismatched resulting in local application denial of service in the context of the current user.

Affected Version(s)

XMP Toolkit <= 2020.1

XMP Toolkit <= unspecified

References

https://helpx.adobe.com/security/products/xmpcore/apsb21-...

https://lists.debian.org/debian-lts-announce/2023/09/msg0...

mailing-list

CVSS V3.1

Score:

Severity:

MEDIUM

Confidentiality:

None

Integrity:

None

Availability:

None

Attack Vector:

Local

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Sep 1, 2021
Vulnerability Reserved
Jun 30, 2021