CVE-2021-36048
HIGH
XMP Toolkit SDK < 2020.1 - Arbitrary Code Execution via Crafted File
XMP Toolkit SDK version 2020.1 (and earlier) is affected by an Improper Input Validation vulnerability potentially resulting in arbitrary code execution in the context of the current user. Exploitation requires user interaction in that a victim must open a crafted file.
References (3)
Core References
Mailing List, Third Party Advisory
https://lists.debian.org/debian-lts-announce/2023/09/msg00032.html
Patch, Vendor Advisory
https://helpx.adobe.com/security/products/xmpcore/apsb21-65.html
Scores
CVSS v3: 7.8
EPSS: 0.0272
EPSS Percentile: 84.2%
Attack Vector: LOCAL
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Details
CWE: CWE-20
Status: published
Products (2)
adobe/xmp_toolkit_software_development_kit: < 2020.1
debian/debian_linux: 10.0
Published: Sep 01, 2021
Tracked Since: Feb 18, 2026