Adobe Security Bulletin

Security Updates Available for Adobe XMP Toolkit SDK | APSB21-108

| Bulletin ID | Date Published | Priority |
|---|---|---|
| APSB21-108 | October 26, 2021 | 2 |

Summary

Adobe has released updates for XMP-Toolkit-SDK. These updates resolve critical and important vulnerabilities. Successful exploitation could lead to arbitrary code execution and application denial of service.

Affected versions

| Product | Affected version | Platform |
|---|---|---|
| Adobe XMP-Toolkit-SDK | 2021.07 and earlier versions | All |

Solution

Adobe categorizes these updates with the following priority ratings and recommends users update their installation to the latest version.

| Product | Updated version | Platform | Priority rating | Availability |
|---|---|---|---|---|
| Adobe XMP-Toolkit-SDK | 2021.08 | All | 3 | |

Vulnerability Details

| Vulnerability Category | Vulnerability Impact | Severity | CVSS base score | CVSS vector | CVE Number |
|---|---|---|---|---|---|
| NULL Pointer Dereference (CWE-476) | Application denial-of-service | Important | 5.5 | CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H | CVE-2021-42528 |
| Stack-based Buffer Overflow (CWE-121) | Arbitrary code execution | Critical | 7.8 | CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H | CVE-2021-42529 |
| Stack-based Buffer Overflow (CWE-121) | Arbitrary code execution | Critical | 7.8 | CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H | CVE-2021-42530 |
| Stack-based Buffer Overflow (CWE-121) | Arbitrary code execution | Critical | 7.8 | CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H | CVE-2021-42531 |
| Stack-based Buffer Overflow (CWE-121) | Arbitrary code execution | Critical | 7.8 | CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H | CVE-2021-42532 |

Acknowledgments

Adobe would like to thank (hy350) HY350 of Topsec Alpha Team for reporting these issues and for working with Adobe to help protect our customers. 

(hy350) HY350 of Topsec Alpha Team: CVE-2021-42532; CVE-2021-42531; CVE-2021-42530; CVE-2021-42529; CVE-2021-42528


For more information, visit https://helpx.adobe.com/security.html, or email PSIRT@adobe.com.
