CVE-2021-36057

EPSS 0.05%
Published 01.09.2021 15:15:11
Last modified 21.11.2024 06:13:02
Source psirt@adobe.com
Teams watchlist Login
Open Login

XMP Toolkit SDK version 2020.1 (and earlier) is affected by a write-what-where condition vulnerability caused during the application's memory allocation process. This may cause the memory management functions to become mismatched resulting in local application denial of service in the context of the current user.

Affected products Warnungen 0 Metrics 4 CWE 1 References 5

Data is provided by the National Vulnerability Database (NVD)

Adobe ≫ Xmp Toolkit Software Development Kit Version <= 2020.1

Debian ≫ Debian Linux Version10.0

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Type	Source	Score	Percentile
EPSS	FIRST.org	0.05%	0.16

CVSS Metriken
Source	Base Score	Exploit Score	Impact Score	Vector string
nvd@nist.gov	2.1	3.9	2.9	AV:L/AC:L/Au:N/C:N/I:N/A:P
nvd@nist.gov	3.3	1.8	1.4	CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L
psirt@adobe.com	4	2.5	1.4	CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L

CWE-123 Write-what-where Condition

Any condition where the attacker has the ability to write an arbitrary value to an arbitrary location, often as the result of a buffer overflow.

https://helpx.adobe.com/security/products/xmpcore/apsb21-65.html

Patch

Vendor Advisory

https://lists.debian.org/debian-lts-announce/2023/09/msg00032.html

Mailing List

https://nvd.nist.gov/vuln/detail/CVE-2021-36057

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2021-36057

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2021-36057

EUVD