CVE-2021-39847

Published: 1 September 2021

XMP Toolkit SDK version 2020.1 (and earlier) is affected by a stack-based buffer overflow vulnerability potentially resulting in arbitrary code execution in the context of the current user. Exploitation requires user interaction in that a victim must open a crafted file.

Priority

CVSS 3 base score: 7.8

Status

Package	Release	Status
exempi Launchpad, Ubuntu, Debian	bionic	Released (2.4.5-2ubuntu0.1)
	focal	Released (2.5.1-1ubuntu0.1)
	impish	Released (2.5.2-1ubuntu0.21.10.1)
	jammy	Released (2.5.2-1ubuntu0.22.04.1)
	upstream	Released (2.6.0-1)
	xenial	Needs triage

Notes

Author	Note
mdeslaur	fixed in adobe's 2021.07 code drop

References

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-39847
https://helpx.adobe.com/security/products/xmpcore/apsb21-65.html
https://gitlab.freedesktop.org/libopenraw/exempi/-/releases
https://ubuntu.com/security/notices/USN-5483-1
NVD
Launchpad
Debian

Bugs

Join the discussion

Ubuntu security updates mailing list
Security announcements mailing list

Canonical is offering Extended Security Maintenance

Canonical is offering Ubuntu Extended Security Maintenance (ESM) for security fixes and essential packages.

Find out more about ESM ›