Headline
CVE-2021-42532: Adobe Security Bulletin
XMP Toolkit SDK version 2021.07 (and earlier) is affected by a stack-based buffer overflow vulnerability potentially resulting in arbitrary code execution in the context of the current user. Exploitation requires user interaction in that a victim must open a crafted file.
Security Updates Available for Adobe XMP Toolkit SDK | APSB21-108
| Bulletin ID | Date Published | Priority |
|---|---|---|
| APSB21-108 | October 26, 2021 | 2 |
Summary
Adobe has released updates for XMP-Toolkit-SDK. These updates resolve critical and important vulnerabilities. Successful exploitation could lead to arbitrary code execution and application denial of service.
Affected versions
2021.07 and earlier versions
Solution
Adobe categorizes these updates with the following priority ratings and recommends users update their installation to the latest version.
| Product | Updated version | Platform | Priority rating | Availability |
|---|---|---|---|---|
| Adobe XMP-Toolkit-SDK | 2021.08 | All | 3 | Release Notes |
Vulnerability Details
| Vulnerability Category | Vulnerability Impact | Severity | CVSS base score | CVSS vector | CVE Number |
|---|---|---|---|---|---|
| NULL Pointer Dereference (CWE-476) | Application denial-of-service | Important | 5.5 | CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H | CVE-2021-42528 |
| Stack-based Buffer Overflow (CWE-121) | Arbitrary code execution | Critical | 7.8 | CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H | CVE-2021-42529 |
| Stack-based Buffer Overflow (CWE-121) | Arbitrary code execution | Critical | 7.8 | CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H | CVE-2021-42530 |
| Stack-based Buffer Overflow (CWE-121) | Arbitrary code execution | Critical | 7.8 | CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H | CVE-2021-42531 |
| Stack-based Buffer Overflow (CWE-121) | Arbitrary code execution | Critical | 7.8 | CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H | CVE-2021-42532 |
Acknowledgments
Adobe would like to thank (hy350) HY350 of Topsec Alpha Team for reporting these issues and for working with Adobe to help protect our customers.
(hy350) HY350 of Topsec Alpha Team CVE-2021-42532; CVE-2021-42531; CVE-2021-42530; CVE-2021-42529; CVE-2021-42528
For more information, visit https://helpx.adobe.com/security.html, or email [email protected].