Adobe Security Bulletin

Security Updates Available for Adobe XMP Toolkit SDK | APSB21-85

| Bulletin ID | Date Published | Priority |
|---|---|---|
| APSB21-85 | September 14, 2021 | 3 |

Summary

Adobe has released updates for XMP Toolkit SDK. These updates resolve an important vulnerability. Successful exploitation could lead to arbitrary file system read in the context of the current user.

Affected versions

| Product | Affected version | Platform |
|---|---|---|
| Adobe XMP-Toolkit-SDK | 2021.07 and earlier versions | All |

Solution

Adobe categorizes these updates with the following priority ratings and recommends users update their installation to the newest version.

| Product | Updated version | Platform | Priority rating | Availability |
|---|---|---|---|---|
| Adobe XMP-Toolkit-SDK | 2021.08 | All | 3 | |

Vulnerability Details

| Vulnerability Category | Vulnerability Impact | Severity | CVSS base score | CVSS vector | CVE Number |
|---|---|---|---|---|---|
| Out-of-bounds Read (CWE-125) | Arbitrary file system read | Important | 5.5 | CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N | CVE-2021-40716 |
| NULL Pointer Dereference (CWE-476) | Application denial-of-service | Important | 6.1 | CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:H | CVE-2021-40732 |

Acknowledgments

Adobe would like to thank CQY of Topsec Alpha Team (yjdfy) for reporting these issues and for working with Adobe to help protect our customers. 

Revision

September 1, 2021: Updated the CVSS base score and the CVSS vector for CVE-2021-36064, CVE-2021-36052. Included details about CVE-2021-39847. Updated acknowledgement details for yjdfy.

October 8, 2021: Added row for CVE-2021-40732 in Vulnerability Details.   

January 27th, 2022: Updated CVSS details for CVE-2021-40732  


For more information, visit https://helpx.adobe.com/security.html, or email PSIRT@adobe.com.
