CVE-2021-40716

See a problem?
Please try reporting it to the source first.

Source

https://nvd.nist.gov/vuln/detail/CVE-2021-40716

Import Source

https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2021-40716.json

JSON Data

https://api.osv.dev/v1/vulns/CVE-2021-40716

Downstream

DEBIAN-CVE-2021-40716

DLA-3585-1

DLA-4264-1

UBUNTU-CVE-2021-40716

USN-5483-1

Related

MGASA-2022-0236

Published

2021-09-29T16:15:11Z

Modified

2025-10-21T06:34:04.341194Z

Severity

5.5 (Medium) CVSS_V3 - CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N CVSS Calculator

Summary

[none]

Details

XMP Toolkit SDK versions 2021.07 (and earlier) are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file.

References

Affected packages

Git / github.com/adobe/xmp-toolkit-sdk

Affected ranges

Type: GIT
Repo: https://github.com/adobe/xmp-toolkit-sdk
Events: Introduced

0 Unknown introduced commit / All previous commits are affected

Last affected

9c78968498f3321bd50c817bae585bb0936e5e08

Affected versions

v2020.*

v2020.1

v2021.*

v2021.07