Bulletin ID
Last updated on
Nov 12, 2021
Security Updates Available for Adobe XMP Toolkit SDK | APSB21-108
|
|
Date Published |
Priority |
|---|---|---|
|
APSB21-108 |
October 26, 2021 |
2 |
Summary
Affected versions
|
Product |
Affected version |
Platform |
|
Adobe XMP-Toolkit-SDK |
2021.07 and earlier versions |
All |
Solution
Adobe categorizes these updates with the following priority ratings and recommends users update their installation to the latest.
|
Product |
Updated version |
Platform |
Priority rating |
Availability |
|
Adobe XMP-Toolkit-SDK |
2021.08 |
All |
3 |
Vulnerability Details
|
Vulnerability Category |
Vulnerability Impact |
Severity |
CVSS base score |
CVE Number |
|
|---|---|---|---|---|---|
|
NULL Pointer Dereference (CWE-476) |
Application denial-of-service |
Important |
5.5 |
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H |
CVE-2021-42528 |
|
Stack-based Buffer Overflow (CWE-121) |
Arbitrary code execution |
Critical |
7.8 |
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H |
CVE-2021-42529 |
|
Stack-based Buffer Overflow (CWE-121) |
Arbitrary code execution |
Critical |
7.8 |
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H |
CVE-2021-42530 |
|
Stack-based Buffer Overflow (CWE-121) |
Arbitrary code execution |
Critical |
7.8 |
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H |
CVE-2021-42531 |
|
Stack-based Buffer Overflow (CWE-121) |
Arbitrary code execution |
Critical |
7.8 |
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H |
CVE-2021-42532 |
Acknowledgments
Adobe would like to thank (hy350) HY350 of Topsec Alpha Team for reporting these issues and for working with Adobe to help protect our customers.
(hy350) HY350 of Topsec Alpha Team CVE-2021-42532; CVE-2021-42531; CVE-2021-42530; CVE-2021-42529; CVE-2021-42528
For more information, visit https://helpx.adobe.com/security.html, or email PSIRT@adobe.com.