28 matches found
CVE-2021-42530
CVE-2021-42530 affects Exempi (XMP Toolkit SDK) up to version 2021.07 and earlier, due to a stack-based buffer overflow that can lead to arbitrary code execution in the current user context. Exploitation requires the user to open a crafted file. Debian LTS advisories show patched packages: 2.5.2-...
CVE-2021-42529
CVE-2021-42529 affects XMP Toolkit SDK 2021.07 and earlier, with a stack-based buffer overflow that can lead to arbitrary code execution in the context of the current user. Exploitation requires the victim to open a crafted file (user interaction). Connected advisories confirm the issue across mu...
CVE-2021-36056
CVE-2021-36056 affects XMP Toolkit SDK 2020.1 and earlier. The vulnerability is a heap-based buffer overflow in the Exempi XMP implementation that could lead to arbitrary code execution in the context of the current user. Exploitation requires the user to open a crafted file (user interaction). S...
CVE-2021-42532
Multiple connected sources confirm CVE-2021-42532 affects Exempi (XMP Toolkit SDK) with a stack-based buffer overflow that can lead to arbitrary code execution in the context of the current user. Exploitation requires user interaction (open a crafted file). Public details cite affected versions (...
CVE-2021-36054
Exempi (XMP Toolkit SDK) v2020.1 and earlier is affected by CVE-2021-36054, a heap-based buffer overflow vulnerability in the XMP toolkit. Exploitation requires the user to open a crafted file, potentially causing a local denial of service (and, per related advisories, may enable arbitrary code e...
CVE-2021-42528
CVE-2021-42528 is a NULL pointer dereference in Exempi / XMP Toolkit 2021.07 (and earlier) when parsing a specially crafted file. An unauthenticated attacker could cause an application-denial-of-service in the context of the current user, with user interaction required to open the malicious file....
CVE-2021-42531
CVE-2021-42531 affects Exempi (XMP Toolkit SDK) version 2021.07 and earlier, with a stack-based buffer overflow that can enable arbitrary code execution in the context of the current user. Exploitation requires the user to open a crafted file. Publicly documented fixes exist across distributions:...
CVE-2021-36052
The CVE-2021-36052 issue concerns Exempi (XMP Toolkit) and affects version 2020.1 and earlier, with an out-of-bounds memory access that could allow arbitrary code execution in the context of the current user. Exploitation requires user interaction (e.g., opening a crafted file). Multiple connecte...
CVE-2021-36053
CVE-2021-36053 affects Exempi (XMP Toolkit SDK) versions through 2020.1 and earlier, due to an out-of-bounds read that could disclose arbitrary memory. Exploitation requires user interaction (victim opens a malicious file), potentially bypassing ASLR. Connected advisories (Debian LTS, Mageia, Ubu...
CVE-2021-36064
The CVE-2021-36064 issue affects Exempi (XMP Toolkit SDK) up to 2020.1 and earlier with a Buffer Underflow/Underflow vulnerability that could allow arbitrary code execution in the context of the current user when a victim opens a crafted file; user interaction is required. Public advisories acros...
CVE-2025-30307
The CVE-2025-30307 entry places XMP Toolkit (versions 2023.12 and earlier) at risk due to an out-of-bounds read that can disclose memory and bypass ASLR. The vulnerability requires user interaction (victim opens a malicious file). Affected components are associated with Adobe XMP Toolkit/Exempi f...
CVE-2021-40732
CVE-2021-40732 concerns Exempi’s XMP Toolkit (versions 2020.1 and earlier). The connected sources confirm a NULL pointer dereference in the Exempi library when processing certain files, allowing leakage of memory contents and enabling local denial of service within the current user context. Explo...
CVE-2021-36050
CVE-2021-36050 affects Exempi (XMP Toolkit SDK) 2020.1 and earlier, with a heap-based buffer overflow that can lead to arbitrary code execution under the current user when a crafted file is opened (user interaction required). Debian LTS advisories show fixes: 2.5.0-2+deb10u1 for Debian 10 (buster...
CVE-2021-36046
The CVE-2021-36046 issue affects Exempi (XMP Toolkit) 2020.1 and earlier, with a memory corruption vulnerability that could lead to arbitrary code execution in the current user context. Exploitation requires user interaction (e.g., opening a crafted file). Public advisories in the connected docum...
CVE-2021-39847
CVE-2021-39847 affects the XMP Toolkit SDK (Exempi) versions 2020.1 and earlier. The issue is a stack-based buffer overflow in Exempi, potentially allowing arbitrary code execution in the context of the current user. Exploitation requires user interaction: the victim must open a crafted file. Con...
CVE-2025-30305
Summary of CVE-2025-30305 (CVE record) : XMP Toolkit versions 2023.12 and earlier are affected by an out-of-bounds read vulnerability that could disclose sensitive memory and bypass mitigations such as ASLR. Exploitation requires user interaction (victim must open a malicious file). The issue is ...
CVE-2023-38210
CVE-2023-38210 affects Adobe XMP Toolkit SDK (2022.06). The flaw is an Uncontrolled Resource Consumption leading to application denial-of-service when a user opens a malicious file; exploitation requires user interaction and is context of the current user. Adobe’s advisory APSB23-45 notes a secur...
CVE-2021-40716
CVE-2021-40716 affects Exempi/XMP Toolkit SDK (versions 2021.07 and earlier). The issue is an out-of-bounds read that could disclose sensitive memory and potentially bypass ASLR; exploitation requires user interaction (open a crafted file). Publicly documented fixes include: Debian has updated ex...
CVE-2021-36045
CVE-2021-36045 is an out-of-bounds read vulnerability in Exempi (XMP Toolkit SDK 2020.1 and earlier) that could disclose arbitrary memory and potentially bypass ASLR. Exploitation requires the user to open a malicious file. Public advisories (Debian, Mageia, Ubuntu) indicate fixes in newer exploi...
CVE-2021-36055
CVE-2021-36055 affects Exempi (XMP Toolkit SDK) up to version 2020.1 and earlier, with a use-after-free that could allow arbitrary code execution under the current user when a victim opens a crafted file. Several advisories document the issue across distros and provide patches: Debian bullseye 2....
CVE-2021-36057
CVE-2021-36057 affects the XMP Toolkit SDK 2020.1 and earlier. The vulnerability is a write-what-where condition during the application’s memory allocation, which can cause mismatches in memory management and lead to local denial of service in the context of the current user. The issue is confirm...
CVE-2025-30306
CVE-2025-30306 refers to an out-of-bounds read in Adobe XMP Toolkit (versions 2023.12 and earlier). The vulnerability could disclose sensitive memory and potentially bypass mitigations such as ASLR; exploitation requires user interaction (victim opens a malicious file). Multiple connected sources...
CVE-2021-36051
CVE-2021-36051 is a heap-based buffer overflow in Exempi (XMP Toolkit SDK 2020.1 and earlier) that can lead to arbitrary code execution in the context of the current user. Exploitation requires user interaction (victim opens a crafted file, e.g., .cpp). Affected component: exempi (XMP Toolkit). P...
CVE-2021-36047
CVE-2021-36047 affects the Exempi/XMP Toolkit SDK (version 2020.1 and earlier). The issue is described as an Improper Input Validation vulnerability that can lead to arbitrary code execution in the context of the current user. Exploitation requires user interaction (the victim must open a crafted...
CVE-2021-36048
CVE-2021-36048 affects XMP Toolkit SDK 2020.1 and earlier and is due to Improper Input Validation, potentially leading to arbitrary code execution in the context of the current user. Exploitation requires the victim to open a crafted file (user interaction). Public references in connected documen...
CVE-2021-36058
CVE-2021-36058 affects the XMP Toolkit SDK (Exempi) up to version 2020.1 and earlier. The underlying issue is an Integer Overflow in Exempi, which can lead to an application-level denial of service in the context of the current user when a victim opens a crafted file. Exploitation requires user i...
CVE-2025-30308
CVE-2025-30308 concerns the XMP Toolkit (versions 2023.12 and earlier) with an out-of-bounds read that can disclose memory and potentially bypass ASLR. Exploitation requires user interaction (victim opens a malicious file). Adobe’s APSB25-34 security update addresses this vulnerability in XMP Too...
CVE-2025-30309
Summary of CVE-2025-30309 : XMP Toolkit versions 2023.12 and earlier are affected by an out-of-bounds read that can disclose memory and bypass mitigations like ASLR. Exploitation requires user interaction (a victim must open a malicious file). Affected software is the Adobe XMP Toolkit family; mu...