CVE-2023-38210: Adobe Security Bulletin
Adobe XMP Toolkit version 2022.06 is affected by an Uncontrolled Resource Consumption vulnerability. An unauthenticated attacker could leverage this vulnerability to achieve an application denial-of-service in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
Security Updates Available for Adobe XMP Toolkit SDK | APSB23-45
| Bulletin ID | Date Published | Priority |
| --- | --- | --- |
| APSB23-45 | August 8, 2023 | 3 |
Summary
Adobe has released updates for XMP-Toolkit-SDK. This update resolves an important vulnerability. Successful exploitation could lead to application denial of service.
Affected versions
2022.06 and earlier versions
Solution
Adobe categorizes these updates with the following priority ratings and recommends users update their installation to the latest.
| Product | Updated version | Platform | Priority rating | Availability |
| --- | --- | --- | --- | --- |
| Adobe XMP-Toolkit-SDK | 2023.07 | All | 3 | Release Notes |
Vulnerability Details
| Vulnerability Category | Vulnerability Impact | Severity | CVSS base score | CVSS vector | CVE Number |
| --- | --- | --- | --- | --- | --- |
| Uncontrolled Resource Consumption (CWE-400) | Application denial-of-service | Important | 5.5 | CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H | CVE-2023-38210 |
Acknowledgments
Adobe would like to thank the following researchers for reporting these issues and working with Adobe to help protect our customers:
- Mikhail Beloborodyy (mbel1) - CVE-2023-38210
NOTE: Adobe has a private, invite-only, bug bounty program with HackerOne. If you are interested in working with Adobe as an external security researcher, please fill out this form for next steps.
For more information, visit https://helpx.adobe.com/security.html, or email [email protected].