Your submission was sent successfully! Close

CVE-2021-42528

Published: 2 May 2022

XMP Toolkit 2021.07 (and earlier) is affected by a Null pointer dereference vulnerability when parsing a specially crafted file. An unauthenticated attacker could leverage this vulnerability to achieve an application denial-of-service in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.

Notes

AuthorNote
mdeslaur
fixed in adobe's 2021.08 code drop
Priority

Medium

CVSS 3 base score: 5.5

Status

Package Release Status
exempi
Launchpad, Ubuntu, Debian
bionic
Released (2.4.5-2ubuntu0.1)
focal
Released (2.5.1-1ubuntu0.1)
impish
Released (2.5.2-1ubuntu0.21.10.1)
jammy
Released (2.5.2-1ubuntu0.22.04.1)
upstream
Released (2.6.0-1)
xenial Needs triage

Patches:
upstream: https://cgit.freedesktop.org/exempi/commit/?h=2.6.0&id=77a3fe7096f8ebf301e2bfe1e6dc023b4ff6dc48