adobe xmp-toolkit-software-development-kit CVE-2021-36046 in Adobe and Debian Products
Published on September 1, 2021

XMP Toolkit SDK TIFF_MemoryReader::SortIFD function Memory Corruption

product logo product logo
XMP Toolkit version 2020.1 (and earlier) is affected by a memory corruption vulnerability, potentially resulting in arbitrary code execution in the context of the current user. User interaction is required to exploit this vulnerability.

NVD

Weakness Type

Access of Memory Location After End of Buffer

The software reads or writes to a buffer using an index or pointer that references a memory location after the end of the buffer. This typically occurs when a pointer or its index is decremented to a position before the buffer; when pointer arithmetic results in a position before the buffer; or when a negative index is used, which generates a position before the buffer.


Products Associated with CVE-2021-36046

You can be notified by email with stack.watch whenever vulnerabilities like CVE-2021-36046 are published in these products:

Adobe Xmp Toolkit Software Development Kit
 
Debian Linux
 

Affected Versions

Adobe XMP Toolkit:

Exploit Probability

EPSS
0.35%
Percentile
57.15%

EPSS (Exploit Prediction Scoring System) scores estimate the probability that a vulnerability will be exploited in the wild within the next 30 days. The percentile shows you how this score compares to all other vulnerabilities.