Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

debian логотип

CVE-2021-42528

Опубликовано: 02 мая 2022
Источник: debian
EPSS Низкий

Описание

XMP Toolkit 2021.07 (and earlier) is affected by a Null pointer dereference vulnerability when parsing a specially crafted file. An unauthenticated attacker could leverage this vulnerability to achieve an application denial-of-service in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.

Пакеты

ПакетСтатусВерсия исправленияРелизТип
exempifixed2.6.0-1package

Примечания

  • https://helpx.adobe.com/security/products/xmpcore/apsb21-108.html

  • https://github.com/adobe/XMP-Toolkit-SDK/commit/16e53564ae6c2689387479c04770f492075d5b7b (v2021.08)

  • https://cgit.freedesktop.org/exempi/commit/?h=adobe-sdk&id=16e53564ae6c2689387479c04770f492075d5b7b (2.6.0)

EPSS

Процентиль: 31%
0.00119
Низкий

Связанные уязвимости

ubuntu логотип

CVE-2021-42528

CVSS3: 5.5
ubuntu
почти 4 года назад

XMP Toolkit 2021.07 (and earlier) is affected by a Null pointer dereference vulnerability when parsing a specially crafted file. An unauthenticated attacker could leverage this vulnerability to achieve an application denial-of-service in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.

nvd логотип

CVE-2021-42528

CVSS3: 5.5
nvd
почти 4 года назад

XMP Toolkit 2021.07 (and earlier) is affected by a Null pointer dereference vulnerability when parsing a specially crafted file. An unauthenticated attacker could leverage this vulnerability to achieve an application denial-of-service in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.

github логотип

GHSA-mpvq-c99j-qj2v

CVSS3: 5.5
github
почти 4 года назад

XMP Toolkit 2021.07 (and earlier) is affected by a Null pointer dereference vulnerability when parsing a specially crafted file. An unauthenticated attacker could leverage this vulnerability to achieve an application denial-of-service in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.

fstec логотип

BDU:2022-02224

CVSS3: 5.5
fstec
больше 4 лет назад

Уязвимость программного обеспечения Adobe XMP-Toolkit-SDK, связанная с разыменованием указателя NULL, позволяющая нарушителю вызвать отказ в обслуживании

EPSS

Процентиль: 31%
0.00119
Низкий