Security Updates Available for Adobe XMP Toolkit SDK | APSB21-85

Bulletin ID | Date Published | Priority |
---|---|---|
APSB21-85 | September 14, 2021 | 3 |
Summary
Adobe has released updates for XMP Toolkit SDK. These updates resolve an important vulnerability. Successful exploitation could lead to arbitrary file system read in the context of the current user.
Affected versions
Product | Affected version | Platform |
---|---|---|
Adobe XMP-Toolkit-SDK | 2021.07 and earlier versions | All |
Solution
Adobe categorizes these updates with the following priority ratings and recommends users update their installation to the newest version.
Product | Updated version | Platform | Priority rating | Availability |
---|---|---|---|---|
Adobe XMP-Toolkit-SDK | 2021.08 | All | 3 | |
Vulnerability Details
Vulnerability Category | Vulnerability Impact | Severity | CVSS base score | CVSS vector | CVE Number |
---|---|---|---|---|---|
Out-of-bounds Read (CWE-125) | Arbitrary file system read | Important | 5.5 | CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N | CVE-2021-40716 |
NULL Pointer Dereference (CWE-476) | Application denial-of-service | Important | 6.1 | CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:H | CVE-2021-40732 |
Acknowledgments
Adobe would like to thank CQY of Topsec Alpha Team (yjdfy) for reporting these issues and for working with Adobe to help protect our customers.
Revision
September 1, 2021: Updated the CVSS base score and the CVSS vector for CVE-2021-36064, CVE-2021-36052. Included details about CVE-2021-39847. Updated acknowledgement details for yjdfy.
October 8, 2021: Added row for CVE-2021-40732 in Vulnerability Details.
January 27th, 2022: Updated CVSS details for CVE-2021-40732.
For more information, visit https://helpx.adobe.com/security.html, or email PSIRT@adobe.com.