CVE-2021-39847
Published: 1 September 2021
XMP Toolkit SDK version 2020.1 (and earlier) is affected by a stack-based buffer overflow vulnerability potentially resulting in arbitrary code execution in the context of the current user. Exploitation requires user interaction in that a victim must open a crafted file.
Priority
CVSS 3 base score: 7.8
Notes
Author | Note |
---|---|
mdeslaur | fixed in adobe's 2021.07 code drop |
References
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-39847
- https://helpx.adobe.com/security/products/xmpcore/apsb21-65.html
- https://gitlab.freedesktop.org/libopenraw/exempi/-/releases
- https://ubuntu.com/security/notices/USN-5483-1
- NVD
- Launchpad
- Debian