Bulletin ID
Last updated on
Aug 17, 2023
Security Updates Available for Adobe XMP Toolkit SDK | APSB23-45
|
|
Date Published |
Priority |
|---|---|---|
|
APSB23-45 |
August 8, 2023 |
3 |
Summary
Adobe has released updates for XMP-Toolkit-SDK. This update resolves an important vulnerability. Successful exploitation could lead to application denial of service.
Affected versions
|
Product |
Affected version |
Platform |
|
Adobe XMP-Toolkit-SDK |
2022.06 and earlier versions |
All |
Solution
Adobe categorizes these updates with the following priority ratings and recommends users update their installation to the latest.
|
Product |
Updated version |
Platform |
Priority rating |
Availability |
|
Adobe XMP-Toolkit-SDK |
2023.07 |
All |
3 |
Vulnerability Details
|
Vulnerability Category |
Vulnerability Impact |
Severity |
CVSS base score |
CVE Number |
|
|---|---|---|---|---|---|
|
Uncontrolled Resource Consumption (CWE-400) |
Application denial-of-service |
Important |
5.5 |
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H |
CVE-2023-38210 |
Acknowledgments
Adobe would like to thank the following researchers for reporting these issues and working with Adobe to help protect our customers:
- Mikhail Beloborodyy (mbel1) - CVE-2023-38210
NOTE: Adobe has a private, invite-only, bug bounty program with HackerOne. If you are interested in working with Adobe as an external security researcher, please fill out this form for next steps.
For more information, visit https://helpx.adobe.com/security.html, or email PSIRT@adobe.com.