Adobe Security Bulletin

Security Updates Available for Adobe XMP Toolkit SDK | APSB21-85

Bulletin ID

Date Published

Priority

APSB21-85

September 14, 2021

3

Summary

Adobe has released updates for XMP Toolkit SDK. These updates resolve an  important vulnerability. Successful exploitation could lead to arbitrary file system read  in the context of the current user.                              

Affected versions

Product

Affected version

Platform

Adobe XMP-Toolkit-SDK

2021.07 and earlier versions  

All

Solution

Adobe categorizes these updates with the following priority ratings and recommends users update their installation to the newest. 

Product

Updated version

Platform

Priority rating

Availability

Adobe XMP-Toolkit-SDK   

2021.08 

All 

3

Vulnerability Details

Vulnerability Category

Vulnerability Impact

Severity

CVSS base score 

CVE Number

Out-of-bounds Read

(CWE-125)

Arbitrary file system read

Important

5.5

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N

CVE-2021-40716

Acknowledgments

Adobe would like to thank CQY of Topsec Alpha Team (yjdfy) for reporting these issues and for working with Adobe to help protect our customers. 


For more information, visit https://helpx.adobe.com/security.html, or email PSIRT@adobe.com.

Adobe logo

Sign in to your account