
=====================================================================

                             CERT-Renater

                 Information Note No. 2021/VULN477
_____________________________________________________________________

DATE                : 15/09/2021

HARDWARE PLATFORM(S): /

OPERATING SYSTEM(S): Systems running Adobe XMP Toolkit SDK versions
                     prior to 2021.08.

=====================================================================
https://helpx.adobe.com/security/products/xmpcore/apsb21-85.html
_____________________________________________________________________


Last updated on Sep 14, 2021

Security Updates Available for Adobe XMP Toolkit SDK | APSB21-85

Bulletin ID        Date Published           Priority

APSB21-85          September 14, 2021       3


Summary

Adobe has released updates for XMP Toolkit SDK. These updates resolve
an important vulnerability. Successful exploitation could lead to
arbitrary file system read in the context of the current user.


Affected versions

Product                  Affected version                Platform

Adobe XMP-Toolkit-SDK    2021.07 and earlier versions    All


Solution

Adobe categorizes these updates with the following priority ratings and
recommends users update their installation to the newest version.


Product                 Updated version  Platform  Priority rating  Availability

Adobe XMP-Toolkit-SDK   2021.08          All       3                Release Note


Vulnerability Details

Vulnerability Category : Out-of-bounds Read (CWE-125)
Vulnerability Impact   : Arbitrary file system read
Severity               : Important
CVSS base score        : 5.5
CVSS vector            : CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N
CVE Number             : CVE-2021-40716


Acknowledgments

Adobe would like to thank CQY of Topsec Alpha Team (yjdfy) for
reporting these issues and for working with Adobe to help protect our
customers.

For more information, visit https://helpx.adobe.com/security.html, or
email PSIRT@adobe.com.


=========================================================
+ CERT-RENATER       |    tel : 01-53-94-20-44          +
+ 23/25 Rue Daviel   |    fax : 01-53-94-20-41          +
+ 75013 Paris        |    email:cert@support.renater.fr +
=========================================================


