CVE-2021-36047
Publication date 1 September 2021
Last updated 24 July 2024
Ubuntu priority
Cvss 3 Severity Score
XMP Toolkit SDK version 2020.1 (and earlier) is affected by an Improper Input Validation vulnerability potentially resulting in arbitrary code execution in the context of the current user. Exploitation requires user interaction in that a victim must open a crafted file.
Status
Package | Ubuntu Release | Status |
---|---|---|
exempi | 24.10 oracular |
Not affected
|
24.04 LTS noble |
Not affected
|
|
22.04 LTS jammy |
Fixed 2.5.2-1ubuntu0.22.04.1
|
|
20.04 LTS focal |
Fixed 2.5.1-1ubuntu0.1
|
|
18.04 LTS bionic |
Fixed 2.4.5-2ubuntu0.1
|
|
16.04 LTS xenial |
Vulnerable
|
Notes
Severity score breakdown
Parameter | Value |
---|---|
Base score | 7.8 · High |
Attack vector | Local |
Attack complexity | Low |
Privileges required | None |
User interaction | Required |
Scope | Unchanged |
Confidentiality | High |
Integrity impact | High |
Availability impact | High |
Vector | CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H |
References
Related Ubuntu Security Notices (USN)
- USN-5483-1
- Exempi vulnerabilities
- 16 June 2022