CVE-2021-36048

See a problem?
Please try reporting it to the source first.

Source

https://nvd.nist.gov/vuln/detail/CVE-2021-36048

Import Source

https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2021-36048.json

JSON Data

https://api.test.osv.dev/v1/vulns/CVE-2021-36048

Related

Published

2021-09-01T15:15:10Z

Modified

2024-10-12T07:52:04.649350Z

Severity

7.8 (High) CVSS_V3 - CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H CVSS Calculator

Summary

[none]

Details

XMP Toolkit SDK version 2020.1 (and earlier) is affected by an Improper Input Validation vulnerability potentially resulting in arbitrary code execution in the context of the current user. Exploitation requires user interaction in that a victim must open a crafted file.

References

Affected packages

Debian:11 / exempi

Package

Name: exempi
Purl: pkg:deb/debian/exempi?arch=source

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Affected versions

2.*

2.5.2-1

2.6.0-1

2.6.1-1

2.6.1-2

2.6.2-1

2.6.2-2

2.6.3-1

2.6.4-1

2.6.5-1

Ecosystem specific

{
    "urgency": "not yet assigned"
}

Debian:12 / exempi

Package

Name: exempi
Purl: pkg:deb/debian/exempi?arch=source

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

2.6.0-1

Ecosystem specific

{
    "urgency": "not yet assigned"
}

Debian:13 / exempi

Package

Name: exempi
Purl: pkg:deb/debian/exempi?arch=source

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

2.6.0-1

Ecosystem specific

{
    "urgency": "not yet assigned"
}

Git / github.com/adobe/xmp-toolkit-sdk

Affected ranges

Type: GIT
Repo: https://github.com/adobe/xmp-toolkit-sdk
Events: Introduced

0 Unknown introduced commit / All previous commits are affected

Last affected

42eb5267d1ffc1d22066438599a9e2dec020d9ca

Affected versions

v2020.*

v2020.1