CVE-2021-40732: Adobe Security Bulletin
XMP Toolkit version 2020.1 (and earlier) is affected by a null pointer dereference vulnerability that could result in leaking data from certain memory locations and causing a local denial of service in the context of the current user. User interaction is required to exploit this vulnerability in that the victim will need to open a specially crafted MXF file.
Security Updates Available for Adobe XMP Toolkit SDK | APSB21-85
| Bulletin ID | Date Published | Priority |
|---|---|---|
| APSB21-85 | September 14, 2021 | 3 |
Summary
Adobe has released updates for XMP Toolkit SDK. These updates resolve an important vulnerability. Successful exploitation could lead to arbitrary file system read in the context of the current user.
Affected versions
2021.07 and earlier versions
Solution
Adobe categorizes these updates with the following priority ratings and recommends users update their installation to the newest version.
| Product | Updated version | Platform | Priority rating | Availability |
|---|---|---|---|---|
| Adobe XMP-Toolkit-SDK | 2021.08 | All | 3 | Release Note |
Vulnerability Details
| Vulnerability Category | Vulnerability Impact | Severity | CVSS base score | CVSS vector | CVE Number |
|---|---|---|---|---|---|
| Out-of-bounds Read (CWE-125) | Arbitrary file system read | Important | 5.5 | CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N | CVE-2021-40716 |
| NULL Pointer Dereference (CWE-476) | Application denial-of-service | Important | 6.1 | CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:H | CVE-2021-40732 |
Acknowledgments
Adobe would like to thank CQY of Topsec Alpha Team (yjdfy) for reporting these issues and for working with Adobe to help protect our customers.
Revision
September 1, 2021: Updated the CVSS base score and the CVSS vector for CVE-2021-36064, CVE-2021-36052. Included details about CVE-2021-39847. Updated acknowledgement details for yjdfy.
October 8, 2021: Added row for CVE-2021-40732 in Vulnerability Details.
January 27th, 2022: Updated CVSS details for CVE-2021-40732.
For more information, visit https://helpx.adobe.com/security.html, or email [email protected].
Related news
Ubuntu Security Notice 5483-1 - It was discovered that Exempi incorrectly handled certain media files. If a user or automated system were tricked into opening a specially crafted file, a remote attacker could cause Exempi to stop responding or crash, resulting in a denial of service, or possibly execute arbitrary code.
XMP Toolkit version 2020.1 (and earlier) is affected by a memory corruption vulnerability, potentially resulting in arbitrary code execution in the context of the current user. User interaction is required to exploit this vulnerability.