First published: Wed Sep 01 2021(Updated: )
XMP Toolkit SDK version 2020.1 (and earlier) is affected by an Improper Input Validation vulnerability potentially resulting in arbitrary code execution in the context of the current user. Exploitation requires user interaction in that a victim must open a crafted file.
Credit: psirt@adobe.com
Affected Software | Affected Version | How to fix |
---|---|---|
Adobe XMP Toolkit | <=2020.1 | |
Debian | =10.0 |
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
CVE-2021-36047 is an Improper Input Validation vulnerability in the XMP Toolkit SDK version 2020.1 and earlier, which can potentially lead to arbitrary code execution.
CVE-2021-36047 has a severity rating of critical.
CVE-2021-36047 requires user interaction, as a victim must open a specially crafted file, which can result in arbitrary code execution in the context of the current user.
The affected software for CVE-2021-36047 is the Adobe XMP Toolkit Software Development Kit version 2020.1 and earlier.
To mitigate CVE-2021-36047, it is recommended to update to a version of the XMP Toolkit SDK that is not affected by the vulnerability.