Your submission was sent successfully! Close

CVE-2021-42529

Published: 2 May 2022

XMP Toolkit SDK version 2021.07 (and earlier) is affected by a stack-based buffer overflow vulnerability potentially resulting in arbitrary code execution in the context of the current user. Exploitation requires user interaction in that a victim must open a crafted file.

Notes

AuthorNote
mdeslaur
fixed in adobe's 2021.08 code drop
Priority

Medium

CVSS 3 base score: 7.8

Status

Package Release Status
exempi
Launchpad, Ubuntu, Debian
bionic
Released (2.4.5-2ubuntu0.1)
focal
Released (2.5.1-1ubuntu0.1)
impish
Released (2.5.2-1ubuntu0.21.10.1)
jammy
Released (2.5.2-1ubuntu0.22.04.1)
upstream
Released (2.6.0-1)
xenial Needs triage

Patches:
upstream: https://cgit.freedesktop.org/exempi/commit/?h=2.6.0&id=77a3fe7096f8ebf301e2bfe1e6dc023b4ff6dc48