CVE-2021-36056: XMP Toolkit SDK Heap-based Buffer Overflow Could Lead To Arbitrary Code Execution
First published: Wed Sep 01 2021(Updated: )
XMP Toolkit SDK version 2020.1 (and earlier) is affected by a buffer overflow vulnerability potentially resulting in arbitrary code execution in the context of the current user. Exploitation requires user interaction in that a victim must open a crafted file.
Credit: psirt@adobe.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Adobe XMP Toolkit | <=2020.1 | |
| Debian | =10.0 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the vulnerability ID for this buffer overflow vulnerability?
The vulnerability ID for this buffer overflow vulnerability is CVE-2021-36056.
What is the severity of CVE-2021-36056?
The severity of CVE-2021-36056 is critical with a CVSS score of 5.5.
What software is affected by CVE-2021-36056?
The XMP Toolkit SDK version 2020.1 (and earlier) is affected by CVE-2021-36056.
What is the potential impact of CVE-2021-36056?
CVE-2021-36056 can potentially result in arbitrary code execution in the context of the current user.
How can CVE-2021-36056 be exploited?
Exploitation of CVE-2021-36056 requires user interaction in that a victim must open a crafted file.
- agent/references
- agent/type
- agent/remedy
- agent/weakness
- agent/description
- agent/severity
- agent/title
- collector/mitre-cve
- source/MITRE
- agent/last-modified-date
- agent/first-publish-date
- agent/event
- agent/source
- agent/author
- collector/nvd-index
- agent/software-canonical-lookup-request
- agent/softwarecombine
- agent/tags
- collector/nvd-api
- source/NVD
- agent/software-canonical-lookup
- vendor/adobe
- canonical/adobe xmp toolkit
- version/adobe xmp toolkit/2020.1
- vendor/debian
- canonical/debian
- version/debian/10.0