XMP Toolkit SDK version 2020.1 (and earlier) is affected by an Improper
Input Validation vulnerability potentially resulting in arbitrary code
execution in the context of the current user. Exploitation requires user
interaction in that a victim must open a crafted file.
Author | Note |
---|---|
mdeslaur | fixed in adobe’s 2021.07 code drop |
gitlab.freedesktop.org/libopenraw/exempi/-/releases
helpx.adobe.com/security/products/xmpcore/apsb21-65.html
launchpad.net/bugs/cve/CVE-2021-36048
nvd.nist.gov/vuln/detail/CVE-2021-36048
security-tracker.debian.org/tracker/CVE-2021-36048
ubuntu.com/security/notices/USN-5483-1
www.cve.org/CVERecord?id=CVE-2021-36048