Headline
CVE-2021-42532: Adobe Security Bulletin
XMP Toolkit SDK version 2021.07 (and earlier) is affected by a stack-based buffer overflow vulnerability potentially resulting in arbitrary code execution in the context of the current user. Exploitation requires user interaction in that a victim must open a crafted file.
Security Updates Available for Adobe XMP Toolkit SDK | APSB21-108
Bulletin ID
Date Published
Priority
APSB21-108
October 26, 2021
2
Summary
Adobe has released updates for XMP-Toolkit-SDK. These updates resolve critical and important vulnerabilities. Successful exploitation could lead to arbitrary code execution and application denial of service.
Affected versions
2021.07 and earlier versions
Solution
Adobe categorizes these updates with the following priority ratings and recommends users update their installation to the latest.
Product
Updated version
Platform
Priority rating
Availability
Adobe XMP-Toolkit-SDK
2021.08
All
3
Release Notes
Vulnerability Details
Vulnerability Category
Vulnerability Impact
Severity
CVSS base score
CVSS vector
CVE Number
NULL Pointer Dereference (CWE-476)
Application denial-of-service
Important
5.5
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
CVE-2021-42528
Stack-based Buffer Overflow (CWE-121)
Arbitrary code execution
Critical
7.8
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
CVE-2021-42529
Stack-based Buffer Overflow (CWE-121)
Arbitrary code execution
Critical
7.8
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
CVE-2021-42530
Stack-based Buffer Overflow (CWE-121)
Arbitrary code execution
Critical
7.8
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
CVE-2021-42531
Stack-based Buffer Overflow (CWE-121)
Arbitrary code execution
Critical
7.8
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
CVE-2021-42532
Acknowledgments
Adobe would like to thank (hy350) HY350 of Topsec Alpha Team for reporting these issues and for working with Adobe to help protect our customers.
(hy350) HY350 of Topsec Alpha Team CVE-2021-42532; CVE-2021-42531; CVE-2021-42530; CVE-2021-42529; CVE-2021-42528
For more information, visit https://helpx.adobe.com/security.html, or email [email protected].
Related news
Ubuntu Security Notice 5483-1 - It was discovered that Exempi incorrectly handled certain media files. If a user or automated system were tricked into opening a specially crafted file, a remote attacker could cause Exempi to stop responding or crash, resulting in a denial of service, or possibly execute arbitrary code.
Ubuntu Security Notice 5483-1 - It was discovered that Exempi incorrectly handled certain media files. If a user or automated system were tricked into opening a specially crafted file, a remote attacker could cause Exempi to stop responding or crash, resulting in a denial of service, or possibly execute arbitrary code.
Ubuntu Security Notice 5483-1 - It was discovered that Exempi incorrectly handled certain media files. If a user or automated system were tricked into opening a specially crafted file, a remote attacker could cause Exempi to stop responding or crash, resulting in a denial of service, or possibly execute arbitrary code.
Ubuntu Security Notice 5483-1 - It was discovered that Exempi incorrectly handled certain media files. If a user or automated system were tricked into opening a specially crafted file, a remote attacker could cause Exempi to stop responding or crash, resulting in a denial of service, or possibly execute arbitrary code.
Ubuntu Security Notice 5483-1 - It was discovered that Exempi incorrectly handled certain media files. If a user or automated system were tricked into opening a specially crafted file, a remote attacker could cause Exempi to stop responding or crash, resulting in a denial of service, or possibly execute arbitrary code.