CVE-2021-36057

EPSS 0.05%
Veröffentlicht 01.09.2021 15:15:11
Zuletzt bearbeitet 21.11.2024 06:13:02
Quelle psirt@adobe.com
Teams Watchlist Login
Unerledigt Login

XMP Toolkit SDK version 2020.1 (and earlier) is affected by a write-what-where condition vulnerability caused during the application's memory allocation process. This may cause the memory management functions to become mismatched resulting in local application denial of service in the context of the current user.

Betroffene Produkte Warnungen 0 Metriken 4 CWE 1 Referenzen 5

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Adobe ≫ Xmp Toolkit Software Development Kit Version <= 2020.1

Debian ≫ Debian Linux Version10.0

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.05%	0.16

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	2.1	3.9	2.9	AV:L/AC:L/Au:N/C:N/I:N/A:P
nvd@nist.gov	3.3	1.8	1.4	CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L
psirt@adobe.com	4	2.5	1.4	CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L

CWE-123 Write-what-where Condition

Any condition where the attacker has the ability to write an arbitrary value to an arbitrary location, often as the result of a buffer overflow.

https://helpx.adobe.com/security/products/xmpcore/apsb21-65.html

Patch

Vendor Advisory

https://lists.debian.org/debian-lts-announce/2023/09/msg00032.html

Mailing List

https://nvd.nist.gov/vuln/detail/CVE-2021-36057

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2021-36057

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2021-36057

EUVD