=====================================================================
                           CERT-Renater

                Information Note No. 2021/VULN573
_____________________________________________________________________

DATE                 : 27/10/2021

HARDWARE PLATFORM(S) : /

OPERATING SYSTEM(S)  : Systems running Adobe XMP Toolkit SDK versions
                       prior to 2021.08.

=====================================================================
https://helpx.adobe.com/security/products/xmpcore/apsb21-108.html
_____________________________________________________________________

Last updated on Oct 26, 2021

Security Updates Available for Adobe XMP Toolkit SDK | APSB21-108

Bulletin ID    Date Published      Priority
APSB21-108     October 26, 2021    2

Summary

Adobe has released updates for XMP-Toolkit-SDK. These updates resolve
critical and important vulnerabilities. Successful exploitation could
lead to arbitrary code execution and application denial of service.

Affected versions

Product                  Affected version               Platform
Adobe XMP-Toolkit-SDK    2021.07 and earlier versions   All

Solution

Adobe categorizes these updates with the following priority ratings
and recommends users update their installation to the latest.

Product                  Updated version   Platform   Priority rating   Availability
Adobe XMP-Toolkit-SDK    2021.08           All        3                 Release Notes

Vulnerability Details

Vulnerability Category                  Vulnerability Impact            Severity    CVSS base score   CVSS vector                                    CVE Number
NULL Pointer Dereference (CWE-476)      Application denial-of-service   Important   5.5               CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H   CVE-2021-42528
Stack-based Buffer Overflow (CWE-121)   Arbitrary code execution        Critical    7.8               CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H   CVE-2021-42529
Stack-based Buffer Overflow (CWE-121)   Arbitrary code execution        Critical    7.8               CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H   CVE-2021-42530
Stack-based Buffer Overflow (CWE-121)   Arbitrary code execution        Critical    7.8               CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H   CVE-2021-42531
Stack-based Buffer Overflow (CWE-121)   Arbitrary code execution        Critical    7.8               CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H   CVE-2021-42532

Acknowledgments

Adobe would like to thank (hy350) HY350 of Topsec Alpha Team for
reporting these issues and for working with Adobe to help protect our
customers.

(hy350) HY350 of Topsec Alpha Team
    CVE-2021-42532; CVE-2021-42531; CVE-2021-42530; CVE-2021-42529;
    CVE-2021-42528

For more information, visit https://helpx.adobe.com/security.html, or
email PSIRT@adobe.com.

=========================================================
+ CERT-RENATER        | tel : 01-53-94-20-44            +
+ 23/25 Rue Daviel    | fax : 01-53-94-20-41            +
+ 75013 Paris         | email:cert@support.renater.fr   +
=========================================================