XMP Toolkit versions 2023.12 and earlier are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
{
"osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2025/30xxx/CVE-2025-30305.json",
"cna_assigner": "adobe",
"cwe_ids": [
"CWE-125"
],
"unresolved_ranges": [
{
"extracted_events": [
{
"last_affected": "2023.12"
}
],
"source": "AFFECTED_FIELD"
}
]
}{
"cpe": "cpe:2.3:a:adobe:xmp_toolkit_software_development_kit:*:*:*:*:*:*:*:*",
"extracted_events": [
{
"introduced": "0"
},
{
"fixed": "2025.03"
}
],
"source": "CPE_RANGE"
}[
{
"digest": {
"threshold": 0.9,
"line_hashes": [
"126636771179267164347849124104795878245",
"146311462694702441864604298611546141686",
"229694796421047086589626576460393590208",
"333049585819998709432590915625886727448",
"327344094990431339669481462780498307920",
"185860195157659454465178398241492620444",
"27437563912872136019565540546888073161"
]
},
"target": {
"file": "XMPFiles/source/FormatSupport/ReconcileTIFF.cpp"
},
"id": "CVE-2025-30305-0fdc4107",
"signature_version": "v1",
"signature_type": "Line",
"source": "https://github.com/adobe/xmp-toolkit-sdk/commit/581c41213ddcee1fbc72cbb532531102a6617a25",
"deprecated": false
},
{
"digest": {
"function_hash": "221465110125069646214356567680915949747",
"length": 4953.0
},
"target": {
"function": "MPEG4_MetaHandler::ParseTimecodeTrack",
"file": "XMPFiles/source/FileHandlers/MPEG4_Handler.cpp"
},
"id": "CVE-2025-30305-2278309c",
"signature_version": "v1",
"signature_type": "Function",
"source": "https://github.com/adobe/xmp-toolkit-sdk/commit/581c41213ddcee1fbc72cbb532531102a6617a25",
"deprecated": false
},
{
"digest": {
"threshold": 0.9,
"line_hashes": [
"187518944139985249420273412500574211097",
"15583002584226428710291704495432648427",
"205985667509089914986957604550275770335"
]
},
"target": {
"file": "XMPFiles/source/FormatSupport/TIFF_MemoryReader.cpp"
},
"id": "CVE-2025-30305-3b510a9b",
"signature_version": "v1",
"signature_type": "Line",
"source": "https://github.com/adobe/xmp-toolkit-sdk/commit/581c41213ddcee1fbc72cbb532531102a6617a25",
"deprecated": false
},
{
"digest": {
"threshold": 0.9,
"line_hashes": [
"125129654406807451222550634922981563100",
"9544207699385971335663201338877825513",
"311545938769563290809438059876576815640",
"131638305182527215685738375823343845434",
"296059875309506548659418954941307465628",
"317752850298652022554702432266603748686"
]
},
"target": {
"file": "XMPFiles/source/FileHandlers/MPEG4_Handler.cpp"
},
"id": "CVE-2025-30305-7b21aa7d",
"signature_version": "v1",
"signature_type": "Line",
"source": "https://github.com/adobe/xmp-toolkit-sdk/commit/581c41213ddcee1fbc72cbb532531102a6617a25",
"deprecated": false
},
{
"digest": {
"function_hash": "103952551366490071579651973526231604574",
"length": 2190.0
},
"target": {
"function": "ImportConversionTable",
"file": "XMPFiles/source/FormatSupport/ReconcileTIFF.cpp"
},
"id": "CVE-2025-30305-c5dfc716",
"signature_version": "v1",
"signature_type": "Function",
"source": "https://github.com/adobe/xmp-toolkit-sdk/commit/581c41213ddcee1fbc72cbb532531102a6617a25",
"deprecated": false
},
{
"digest": {
"function_hash": "1182487954308599792182195617916173662",
"length": 576.0
},
"target": {
"function": "TIFF_MemoryReader::GetTag",
"file": "XMPFiles/source/FormatSupport/TIFF_MemoryReader.cpp"
},
"id": "CVE-2025-30305-e38fa175",
"signature_version": "v1",
"signature_type": "Function",
"source": "https://github.com/adobe/xmp-toolkit-sdk/commit/581c41213ddcee1fbc72cbb532531102a6617a25",
"deprecated": false
},
{
"digest": {
"function_hash": "203380090588908134117353179680189655717",
"length": 4395.0
},
"target": {
"function": "ASF_Support::ReadHeaderObject",
"file": "XMPFiles/source/FormatSupport/ASF_Support.cpp"
},
"id": "CVE-2025-30305-ede195aa",
"signature_version": "v1",
"signature_type": "Function",
"source": "https://github.com/adobe/xmp-toolkit-sdk/commit/581c41213ddcee1fbc72cbb532531102a6617a25",
"deprecated": false
},
{
"digest": {
"threshold": 0.9,
"line_hashes": [
"270222890788802721821863585226932284769",
"197411064336870393814664177552957050643",
"46555676254762346810097850001586770172",
"162603547392460467271159842841031210326",
"86296364783011747475092427852147418728",
"151231048613982874318140143371889519049",
"273233510198261307236627151114006245917",
"9058603271038788767604125618184217002"
]
},
"target": {
"file": "XMPFiles/source/FormatSupport/ASF_Support.cpp"
},
"id": "CVE-2025-30305-f4450138",
"signature_version": "v1",
"signature_type": "Line",
"source": "https://github.com/adobe/xmp-toolkit-sdk/commit/581c41213ddcee1fbc72cbb532531102a6617a25",
"deprecated": false
}
]
"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2025-30305.json"
"2026-07-09T19:48:08Z"