Bulletin ID
Security Updates Available for Adobe XMP Toolkit SDK | APSB21-108
Bulletin ID |
Date Published |
Priority |
---|---|---|
APSB21-108 |
October 26, 2021 |
2 |
Product |
Affected version |
Platform |
Adobe XMP-Toolkit-SDK |
2021.07 and earlier versions |
All |
Adobe categorizes these updates with the following priority ratings and recommends users update their installation to the latest.
Product |
Updated version |
Platform |
Priority rating |
Availability |
Adobe XMP-Toolkit-SDK |
2021.08 |
All |
3 |
Vulnerability Category |
Vulnerability Impact |
Severity |
CVSS base score |
CVE Number |
|
---|---|---|---|---|---|
NULL Pointer Dereference (CWE-476) |
Application denial-of-service |
Important |
5.5 |
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H |
CVE-2021-42528 |
Stack-based Buffer Overflow (CWE-121) |
Arbitrary code execution |
Critical |
7.8 |
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H |
CVE-2021-42529 |
Stack-based Buffer Overflow (CWE-121) |
Arbitrary code execution |
Critical |
7.8 |
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H |
CVE-2021-42530 |
Stack-based Buffer Overflow (CWE-121) |
Arbitrary code execution |
Critical |
7.8 |
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H |
CVE-2021-42531 |
Stack-based Buffer Overflow (CWE-121) |
Arbitrary code execution |
Critical |
7.8 |
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H |
CVE-2021-42532 |
Adobe would like to thank (hy350) HY350 of Topsec Alpha Team for reporting these issues and for working with Adobe to help protect our customers.
(hy350) HY350 of Topsec Alpha Team CVE-2021-42532; CVE-2021-42531; CVE-2021-42530; CVE-2021-42529; CVE-2021-42528
For more information, visit https://helpx.adobe.com/security.html, or email PSIRT@adobe.com.
Sign in to your account