CVE-2021-42530

2022-05-0223:15:07

Debian Security Bug Tracker

security-tracker.debian.org

xmp toolkit sdk

buffer overflow

cve-2021-42530

arbitrary code execution

user interaction

crafted file

unix

CVSS2

9.3

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:M/Au:N/C:C/I:C/A:C

CVSS3

7.8

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

EPSS

0.733

Percentile

98.1%

JSON

XMP Toolkit SDK version 2021.07 (and earlier) is affected by a stack-based buffer overflow vulnerability potentially resulting in arbitrary code execution in the context of the current user. Exploitation requires user interaction in that a victim must open a crafted file.

OSVersionArchitecturePackageVersionFilename
Debian12allexempi< 2.6.0-1exempi_2.6.0-1_all.deb
Debian11allexempi<= 2.5.2-1exempi_2.5.2-1_all.deb
Debian999allexempi< 2.6.0-1exempi_2.6.0-1_all.deb
Debian13allexempi< 2.6.0-1exempi_2.6.0-1_all.deb

OS	Version	Architecture	Package	Version	Filename
Debian	12	all	exempi	< 2.6.0-1	exempi_2.6.0-1_all.deb
Debian	11	all	exempi	<= 2.5.2-1	exempi_2.5.2-1_all.deb
Debian	999	all	exempi	< 2.6.0-1	exempi_2.6.0-1_all.deb
Debian	13	all	exempi	< 2.6.0-1	exempi_2.6.0-1_all.deb