First published: Mon May 02 2022(Updated: )
XMP Toolkit 2021.07 (and earlier) is affected by a Null pointer dereference vulnerability when parsing a specially crafted file. An unauthenticated attacker could leverage this vulnerability to achieve an application denial-of-service in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
Credit: psirt@adobe.com
Affected Software | Affected Version | How to fix |
---|---|---|
Adobe XMP Toolkit | <=2021.07 | |
Debian Linux | =10.0 |
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
CVE-2021-42528 has a high severity rating due to its ability to cause application denial-of-service.
To fix CVE-2021-42528, users should update to the latest version of the Adobe XMP Toolkit or apply the relevant patches from the software vendor.
CVE-2021-42528 affects users of Adobe XMP Toolkit versions 2021.07 and earlier, as well as Debian Linux 10.0.
An unauthenticated attacker can exploit CVE-2021-42528 to perform a denial-of-service attack by parsing a specially crafted file.
CVE-2021-42528 is considered a local vulnerability since it requires an authenticated user to execute the attack.