Description

XMP Toolkit SDK version 2020.1 (and earlier) is affected by a buffer overflow vulnerability potentially resulting in arbitrary code execution in the context of the current user. Exploitation requires user interaction in that a victim must open a specially-crafted .cpp file.

Related CPE's

a

adobe

xmp_toolkit_software_development_kit

Vulnerable

o

debian

debian_linux

10.0

Vulnerable

References

https://helpx.adobe.com/security/products/xmpcore/apsb21-65.html

PatchVendor Advisory

https://lists.debian.org/debian-lts-announce/2023/09/msg00032.html

Mailing ListThird Party Advisory

https://helpx.adobe.com/security/products/xmpcore/apsb21-65.html

PatchVendor Advisory

https://lists.debian.org/debian-lts-announce/2023/09/msg00032.html

Mailing ListThird Party Advisory

https://lists.debian.org/debian-lts-announce/2025/08/msg00003.html

Weaknesses

[email protected]

Secondary
CWE-122

[email protected]

Secondary
CWE-120

CVSS impact metrics

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

7.8 · High

Information

Source identifier

[email protected]

Vulnerability status

Modified

Published

2021-10-04T12:15:07.333Z

4 years ago

Last modified

2025-11-03T19:15:48.333Z

2 months ago