Professional OVAL Repository
OVAL Definition Details
Id
oval:com.altx-soft.nix:def:224967
Version
1
Class
patch
ALTXid
452038
Language
English
Severity
High
Title
DLA-3585-1 -- exempi security update
Description
Multiple vulnerabilities were found in exempi, an implementation of XMP (Extensible Metadata Platform).
Family
unix
Platform
Debian 10
Product
exempi
Reference
VENDOR: DLA-3585-1
Id:
DLA-3585-1
Reference:
https://lists.debian.org/debian-lts-announce/2023/debian-lts-announce-202309/msg00032.html
CVE: CVE-2020-18651
Id:
CVE-2020-18651
Reference:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-18651
Comment:
Buffer Overflow vulnerability in function ID3_Support::ID3v2Frame::getFrameValue in exempi 2.5.0 and earlier allows remote attackers to cause a denial of service via opening of crafted audio file with ID3V2 frame.
CVSSv3 Score:
6.5
Attack vector:
NETWORK
Attack complexity:
LOW
Privileges required:
NONE
User interaction:
REQUIRED
Scope:
UNCHANGED
Confidentiality impact:
NONE
Integrity impact:
NONE
Availability impact:
HIGH
CVSSv3 Vector:
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
CWE:
787 (Out-of-bounds Write)
References:
https://gitlab.freedesktop.org/libopenraw/exempi/issues/13 (MISC)
https://gitlab.freedesktop.org/libopenraw/exempi/commit/fdd4765a699f9700850098b43b9798b933acb32f (MISC)
[debian-lts-announce] 20230925 [SECURITY] [DLA 3585-1] exempi security update (MLIST)
CVE: CVE-2020-18652
Id:
CVE-2020-18652
Reference:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-18652
Comment:
Buffer Overflow vulnerability in WEBP_Support.cpp in exempi 2.5.0 and earlier allows remote attackers to cause a denial of service via opening of crafted webp file.
CVSSv3 Score:
6.5
Attack vector:
NETWORK
Attack complexity:
LOW
Privileges required:
NONE
User interaction:
REQUIRED
Scope:
UNCHANGED
Confidentiality impact:
NONE
Integrity impact:
NONE
Availability impact:
HIGH
CVSSv3 Vector:
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
CWE:
787 (Out-of-bounds Write)
References:
https://gitlab.freedesktop.org/libopenraw/exempi/commit/acee2894ceb91616543927c2a6e45050c60f98f7 (MISC)
https://gitlab.freedesktop.org/libopenraw/exempi/issues/12 (MISC)
[debian-lts-announce] 20230925 [SECURITY] [DLA 3585-1] exempi security update (MLIST)
CVE: CVE-2021-36045
Id:
CVE-2021-36045
Reference:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-36045
Comment:
XMP Toolkit SDK versions 2020.1 (and earlier) are affected by an out-of-bounds read vulnerability that could lead to disclosure of arbitrary memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
CVSSv2 Score:
4.3
Access vector:
NETWORK
Access complexity:
MEDIUM
Authentication:
NONE
Confidentiality impact:
PARTIAL
Integrity impact:
NONE
Availability impact:
NONE
CVSSv2 Vector:
AV:N/AC:M/Au:N/C:P/I:N/A:N
CVSSv3 Score:
3.3
Attack vector:
LOCAL
Attack complexity:
LOW
Privileges required:
NONE
User interaction:
REQUIRED
Scope:
UNCHANGED
Confidentiality impact:
LOW
Integrity impact:
NONE
Availability impact:
NONE
CVSSv3 Vector:
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N
CWE:
125 (Out-of-bounds Read)
References:
https://helpx.adobe.com/security/products/xmpcore/apsb21-65.html (MISC)
[debian-lts-announce] 20230925 [SECURITY] [DLA 3585-1] exempi security update (MLIST)
CVE: CVE-2021-36046
Id:
CVE-2021-36046
Reference:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-36046
Comment:
XMP Toolkit version 2020.1 (and earlier) is affected by a memory corruption vulnerability, potentially resulting in arbitrary code execution in the context of the current user. User interaction is required to exploit this vulnerability.
CVSSv2 Score:
9.3
Access vector:
NETWORK
Access complexity:
MEDIUM
Authentication:
NONE
Confidentiality impact:
COMPLETE
Integrity impact:
COMPLETE
Availability impact:
COMPLETE
CVSSv2 Vector:
AV:N/AC:M/Au:N/C:C/I:C/A:C
CVSSv3 Score:
7.8
Attack vector:
LOCAL
Attack complexity:
LOW
Privileges required:
NONE
User interaction:
REQUIRED
Scope:
UNCHANGED
Confidentiality impact:
HIGH
Integrity impact:
HIGH
Availability impact:
HIGH
CVSSv3 Vector:
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
CWE:
787 (Out-of-bounds Write)
References:
https://helpx.adobe.com/security/products/xmpcore/apsb21-65.html (MISC)
[debian-lts-announce] 20230925 [SECURITY] [DLA 3585-1] exempi security update (MLIST)
CVE: CVE-2021-36047
Id:
CVE-2021-36047
Reference:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-36047
Comment:
XMP Toolkit SDK version 2020.1 (and earlier) is affected by an Improper Input Validation vulnerability potentially resulting in arbitrary code execution in the context of the current user. Exploitation requires user interaction in that a victim must open a crafted file.
CVSSv2 Score:
9.3
Access vector:
NETWORK
Access complexity:
MEDIUM
Authentication:
NONE
Confidentiality impact:
COMPLETE
Integrity impact:
COMPLETE
Availability impact:
COMPLETE
CVSSv2 Vector:
AV:N/AC:M/Au:N/C:C/I:C/A:C
CVSSv3 Score:
7.8
Attack vector:
LOCAL
Attack complexity:
LOW
Privileges required:
NONE
User interaction:
REQUIRED
Scope:
UNCHANGED
Confidentiality impact:
HIGH
Integrity impact:
HIGH
Availability impact:
HIGH
CVSSv3 Vector:
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
CWE:
20 (Improper Input Validation)
References:
https://helpx.adobe.com/security/products/xmpcore/apsb21-65.html (MISC)
[debian-lts-announce] 20230925 [SECURITY] [DLA 3585-1] exempi security update (MLIST)
CVE: CVE-2021-36048
Id:
CVE-2021-36048
Reference:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-36048
Comment:
XMP Toolkit SDK version 2020.1 (and earlier) is affected by an Improper Input Validation vulnerability potentially resulting in arbitrary code execution in the context of the current user. Exploitation requires user interaction in that a victim must open a crafted file.
CVSSv2 Score:
9.3
Access vector:
NETWORK
Access complexity:
MEDIUM
Authentication:
NONE
Confidentiality impact:
COMPLETE
Integrity impact:
COMPLETE
Availability impact:
COMPLETE
CVSSv2 Vector:
AV:N/AC:M/Au:N/C:C/I:C/A:C
CVSSv3 Score:
7.8
Attack vector:
LOCAL
Attack complexity:
LOW
Privileges required:
NONE
User interaction:
REQUIRED
Scope:
UNCHANGED
Confidentiality impact:
HIGH
Integrity impact:
HIGH
Availability impact:
HIGH
CVSSv3 Vector:
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
CWE:
20 (Improper Input Validation)
References:
https://helpx.adobe.com/security/products/xmpcore/apsb21-65.html (MISC)
[debian-lts-announce] 20230925 [SECURITY] [DLA 3585-1] exempi security update (MLIST)
CVE: CVE-2021-36050
Id:
CVE-2021-36050
Reference:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-36050
Comment:
XMP Toolkit SDK version 2020.1 (and earlier) is affected by a buffer overflow vulnerability potentially resulting in arbitrary code execution in the context of the current user. Exploitation requires user interaction in that a victim must open a crafted file.
CVSSv2 Score:
9.3
Access vector:
NETWORK
Access complexity:
MEDIUM
Authentication:
NONE
Confidentiality impact:
COMPLETE
Integrity impact:
COMPLETE
Availability impact:
COMPLETE
CVSSv2 Vector:
AV:N/AC:M/Au:N/C:C/I:C/A:C
CVSSv3 Score:
7.8
Attack vector:
LOCAL
Attack complexity:
LOW
Privileges required:
NONE
User interaction:
REQUIRED
Scope:
UNCHANGED
Confidentiality impact:
HIGH
Integrity impact:
HIGH
Availability impact:
HIGH
CVSSv3 Vector:
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
CWE:
787 (Out-of-bounds Write)
References:
https://helpx.adobe.com/security/products/xmpcore/apsb21-65.html (MISC)
[debian-lts-announce] 20230925 [SECURITY] [DLA 3585-1] exempi security update (MLIST)
CVE: CVE-2021-36051
Id:
CVE-2021-36051
Reference:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-36051
Comment:
XMP Toolkit SDK version 2020.1 (and earlier) is affected by a buffer overflow vulnerability potentially resulting in arbitrary code execution in the context of the current user. Exploitation requires user interaction in that a victim must open a specially-crafted .cpp file.
CVSSv2 Score:
6.8
Access vector:
NETWORK
Access complexity:
MEDIUM
Authentication:
NONE
Confidentiality impact:
PARTIAL
Integrity impact:
PARTIAL
Availability impact:
PARTIAL
CVSSv2 Vector:
AV:N/AC:M/Au:N/C:P/I:P/A:P
CVSSv3 Score:
7.8
Attack vector:
LOCAL
Attack complexity:
LOW
Privileges required:
NONE
User interaction:
REQUIRED
Scope:
UNCHANGED
Confidentiality impact:
HIGH
Integrity impact:
HIGH
Availability impact:
HIGH
CVSSv3 Vector:
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
CWE:
122 (Heap-based Buffer Overflow)
References:
https://helpx.adobe.com/security/products/xmpcore/apsb21-65.html (MISC)
[debian-lts-announce] 20230925 [SECURITY] [DLA 3585-1] exempi security update (MLIST)
CVE: CVE-2021-36052
Id:
CVE-2021-36052
Reference:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-36052
Comment:
XMP Toolkit version 2020.1 (and earlier) is affected by a memory corruption vulnerability, potentially resulting in arbitrary code execution in the context of the current user. User interaction is required to exploit this vulnerability.
CVSSv2 Score:
6.8
Access vector:
NETWORK
Access complexity:
MEDIUM
Authentication:
NONE
Confidentiality impact:
PARTIAL
Integrity impact:
PARTIAL
Availability impact:
PARTIAL
CVSSv2 Vector:
AV:N/AC:M/Au:N/C:P/I:P/A:P
CVSSv3 Score:
7.8
Attack vector:
LOCAL
Attack complexity:
LOW
Privileges required:
NONE
User interaction:
REQUIRED
Scope:
UNCHANGED
Confidentiality impact:
HIGH
Integrity impact:
HIGH
Availability impact:
HIGH
CVSSv3 Vector:
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
CWE:
788 (Access of Memory Location After End of Buffer)
References:
https://helpx.adobe.com/security/products/xmpcore/apsb21-65.html (MISC)
[debian-lts-announce] 20230925 [SECURITY] [DLA 3585-1] exempi security update (MLIST)
CVE: CVE-2021-36053
Id:
CVE-2021-36053
Reference:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-36053
Comment:
XMP Toolkit SDK versions 2020.1 (and earlier) are affected by an out-of-bounds read vulnerability that could lead to disclosure of arbitrary memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
CVSSv2 Score:
4.3
Access vector:
NETWORK
Access complexity:
MEDIUM
Authentication:
NONE
Confidentiality impact:
PARTIAL
Integrity impact:
NONE
Availability impact:
NONE
CVSSv2 Vector:
AV:N/AC:M/Au:N/C:P/I:N/A:N
CVSSv3 Score:
3.3
Attack vector:
LOCAL
Attack complexity:
LOW
Privileges required:
NONE
User interaction:
REQUIRED
Scope:
UNCHANGED
Confidentiality impact:
LOW
Integrity impact:
NONE
Availability impact:
NONE
CVSSv3 Vector:
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N
CWE:
125 (Out-of-bounds Read)
References:
https://helpx.adobe.com/security/products/xmpcore/apsb21-65.html (MISC)
[debian-lts-announce] 20230925 [SECURITY] [DLA 3585-1] exempi security update (MLIST)
CVE: CVE-2021-36054
Id:
CVE-2021-36054
Reference:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-36054
Comment:
XMP Toolkit SDK version 2020.1 (and earlier) is affected by a buffer overflow vulnerability potentially resulting in local application denial of service in the context of the current user. Exploitation requires user interaction in that a victim must open a crafted file.
CVSSv2 Score:
4.3
Access vector:
NETWORK
Access complexity:
MEDIUM
Authentication:
NONE
Confidentiality impact:
NONE
Integrity impact:
NONE
Availability impact:
PARTIAL
CVSSv2 Vector:
AV:N/AC:M/Au:N/C:N/I:N/A:P
CVSSv3 Score:
3.3
Attack vector:
LOCAL
Attack complexity:
LOW
Privileges required:
NONE
User interaction:
REQUIRED
Scope:
UNCHANGED
Confidentiality impact:
NONE
Integrity impact:
NONE
Availability impact:
LOW
CVSSv3 Vector:
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L
CWE:
787 (Out-of-bounds Write)
References:
https://helpx.adobe.com/security/products/xmpcore/apsb21-65.html (MISC)
[debian-lts-announce] 20230925 [SECURITY] [DLA 3585-1] exempi security update (MLIST)
CVE: CVE-2021-36055
Id:
CVE-2021-36055
Reference:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-36055
Comment:
XMP Toolkit SDK versions 2020.1 (and earlier) are affected by a use-after-free vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
CVSSv2 Score:
9.3
Access vector:
NETWORK
Access complexity:
MEDIUM
Authentication:
NONE
Confidentiality impact:
COMPLETE
Integrity impact:
COMPLETE
Availability impact:
COMPLETE
CVSSv2 Vector:
AV:N/AC:M/Au:N/C:C/I:C/A:C
CVSSv3 Score:
7.8
Attack vector:
LOCAL
Attack complexity:
LOW
Privileges required:
NONE
User interaction:
REQUIRED
Scope:
UNCHANGED
Confidentiality impact:
HIGH
Integrity impact:
HIGH
Availability impact:
HIGH
CVSSv3 Vector:
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
CWE:
416 (Use After Free)
References:
https://helpx.adobe.com/security/products/xmpcore/apsb21-65.html (MISC)
[debian-lts-announce] 20230925 [SECURITY] [DLA 3585-1] exempi security update (MLIST)
CVE: CVE-2021-36056
Id:
CVE-2021-36056
Reference:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-36056
Comment:
XMP Toolkit SDK version 2020.1 (and earlier) is affected by a buffer overflow vulnerability potentially resulting in arbitrary code execution in the context of the current user. Exploitation requires user interaction in that a victim must open a crafted file.
CVSSv2 Score:
9.3
Access vector:
NETWORK
Access complexity:
MEDIUM
Authentication:
NONE
Confidentiality impact:
COMPLETE
Integrity impact:
COMPLETE
Availability impact:
COMPLETE
CVSSv2 Vector:
AV:N/AC:M/Au:N/C:C/I:C/A:C
CVSSv3 Score:
5.5
Attack vector:
LOCAL
Attack complexity:
LOW
Privileges required:
NONE
User interaction:
REQUIRED
Scope:
UNCHANGED
Confidentiality impact:
NONE
Integrity impact:
NONE
Availability impact:
HIGH
CVSSv3 Vector:
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
CWE:
122 (Heap-based Buffer Overflow)
References:
https://helpx.adobe.com/security/products/xmpcore/apsb21-65.html (MISC)
[debian-lts-announce] 20230925 [SECURITY] [DLA 3585-1] exempi security update (MLIST)
CVE: CVE-2021-36057
Id:
CVE-2021-36057
Reference:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-36057
Comment:
XMP Toolkit SDK version 2020.1 (and earlier) is affected by a write-what-where condition vulnerability caused during the application's memory allocation process. This may cause the memory management functions to become mismatched resulting in local application denial of service in the context of the current user.
CVSSv2 Score:
2.1
Access vector:
LOCAL
Access complexity:
LOW
Authentication:
NONE
Confidentiality impact:
NONE
Integrity impact:
NONE
Availability impact:
PARTIAL
CVSSv2 Vector:
AV:L/AC:L/Au:N/C:N/I:N/A:P
CWE:
123 (Write-what-where Condition)
References:
https://helpx.adobe.com/security/products/xmpcore/apsb21-65.html (MISC)
[debian-lts-announce] 20230925 [SECURITY] [DLA 3585-1] exempi security update (MLIST)
CVE: CVE-2021-36058
Id:
CVE-2021-36058
Reference:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-36058
Comment:
XMP Toolkit SDK version 2020.1 (and earlier) is affected by an Integer Overflow vulnerability potentially resulting in application-level denial of service in the context of the current user. Exploitation requires user interaction in that a victim must open a crafted file.
CVSSv2 Score:
4.3
Access vector:
NETWORK
Access complexity:
MEDIUM
Authentication:
NONE
Confidentiality impact:
NONE
Integrity impact:
NONE
Availability impact:
PARTIAL
CVSSv2 Vector:
AV:N/AC:M/Au:N/C:N/I:N/A:P
CVSSv3 Score:
5.5
Attack vector:
LOCAL
Attack complexity:
LOW
Privileges required:
NONE
User interaction:
REQUIRED
Scope:
UNCHANGED
Confidentiality impact:
NONE
Integrity impact:
NONE
Availability impact:
HIGH
CVSSv3 Vector:
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
CWE:
190 (Integer Overflow or Wraparound)
References:
https://helpx.adobe.com/security/products/xmpcore/apsb21-65.html (MISC)
[debian-lts-announce] 20230925 [SECURITY] [DLA 3585-1] exempi security update (MLIST)
CVE: CVE-2021-36064
Id:
CVE-2021-36064
Reference:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-36064
Comment:
XMP Toolkit version 2020.1 (and earlier) is affected by a Buffer Underflow vulnerability which could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
CVSSv2 Score:
9.3
Access vector:
NETWORK
Access complexity:
MEDIUM
Authentication:
NONE
Confidentiality impact:
COMPLETE
Integrity impact:
COMPLETE
Availability impact:
COMPLETE
CVSSv2 Vector:
AV:N/AC:M/Au:N/C:C/I:C/A:C
CVSSv3 Score:
7.8
Attack vector:
LOCAL
Attack complexity:
LOW
Privileges required:
NONE
User interaction:
REQUIRED
Scope:
UNCHANGED
Confidentiality impact:
HIGH
Integrity impact:
HIGH
Availability impact:
HIGH
CVSSv3 Vector:
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
CWE:
124 (Buffer Underwrite ('Buffer Underflow'))
References:
https://helpx.adobe.com/security/products/xmpcore/apsb21-65.html (MISC)
[debian-lts-announce] 20230925 [SECURITY] [DLA 3585-1] exempi security update (MLIST)
CVE: CVE-2021-39847
Id:
CVE-2021-39847
Reference:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-39847
Comment:
XMP Toolkit SDK version 2020.1 (and earlier) is affected by a stack-based buffer overflow vulnerability potentially resulting in arbitrary code execution in the context of the current user. Exploitation requires user interaction in that a victim must open a crafted file.
CVSSv2 Score:
9.3
Access vector:
NETWORK
Access complexity:
MEDIUM
Authentication:
NONE
Confidentiality impact:
COMPLETE
Integrity impact:
COMPLETE
Availability impact:
COMPLETE
CVSSv2 Vector:
AV:N/AC:M/Au:N/C:C/I:C/A:C
CVSSv3 Score:
7.8
Attack vector:
LOCAL
Attack complexity:
LOW
Privileges required:
NONE
User interaction:
REQUIRED
Scope:
UNCHANGED
Confidentiality impact:
HIGH
Integrity impact:
HIGH
Availability impact:
HIGH
CVSSv3 Vector:
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
CWE:
121 (Stack-based Buffer Overflow)
References:
https://helpx.adobe.com/security/products/xmpcore/apsb21-65.html (MISC)
[debian-lts-announce] 20230925 [SECURITY] [DLA 3585-1] exempi security update (MLIST)
CVE: CVE-2021-40716
Id:
CVE-2021-40716
Reference:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-40716
Comment:
XMP Toolkit SDK versions 2021.07 (and earlier) are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
CVSSv2 Score:
4.3
Access vector:
NETWORK
Access complexity:
MEDIUM
Authentication:
NONE
Confidentiality impact:
PARTIAL
Integrity impact:
NONE
Availability impact:
NONE
CVSSv2 Vector:
AV:N/AC:M/Au:N/C:P/I:N/A:N
CWE:
125 (Out-of-bounds Read)
References:
https://helpx.adobe.com/security/products/xmpcore/apsb21-85.html (MISC)
[debian-lts-announce] 20230925 [SECURITY] [DLA 3585-1] exempi security update (MLIST)
CVE: CVE-2021-40732
Id:
CVE-2021-40732
Reference:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-40732
Comment:
XMP Toolkit version 2020.1 (and earlier) is affected by a null pointer dereference vulnerability that could result in leaking data from certain memory locations and causing a local denial of service in the context of the current user. User interaction is required to exploit this vulnerability in that the victim will need to open a specially crafted MXF file.
CVSSv2 Score:
5.8
Access vector:
NETWORK
Access complexity:
MEDIUM
Authentication:
NONE
Confidentiality impact:
PARTIAL
Integrity impact:
NONE
Availability impact:
PARTIAL
CVSSv2 Vector:
AV:N/AC:M/Au:N/C:P/I:N/A:P
CVSSv3 Score:
6.1
Attack vector:
LOCAL
Attack complexity:
LOW
Privileges required:
NONE
User interaction:
REQUIRED
Scope:
UNCHANGED
Confidentiality impact:
LOW
Integrity impact:
NONE
Availability impact:
HIGH
CVSSv3 Vector:
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:H
CWE:
476 (NULL Pointer Dereference)
References:
https://helpx.adobe.com/security/products/xmpcore/apsb21-85.html (MISC)
[debian-lts-announce] 20230925 [SECURITY] [DLA 3585-1] exempi security update (MLIST)
CVE: CVE-2021-42528
Id:
CVE-2021-42528
Reference:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-42528
Comment:
XMP Toolkit 2021.07 (and earlier) is affected by a Null pointer dereference vulnerability when parsing a specially crafted file. An unauthenticated attacker could leverage this vulnerability to achieve an application denial-of-service in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
CVSSv2 Score:
7.1
Access vector:
NETWORK
Access complexity:
MEDIUM
Authentication:
NONE
Confidentiality impact:
NONE
Integrity impact:
NONE
Availability impact:
COMPLETE
CVSSv2 Vector:
AV:N/AC:M/Au:N/C:N/I:N/A:C
CVSSv3 Score:
5.5
Attack vector:
LOCAL
Attack complexity:
LOW
Privileges required:
NONE
User interaction:
REQUIRED
Scope:
UNCHANGED
Confidentiality impact:
NONE
Integrity impact:
NONE
Availability impact:
HIGH
CVSSv3 Vector:
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
CWE:
476 (NULL Pointer Dereference)
References:
https://helpx.adobe.com/security/products/xmpcore/apsb21-108.html (MISC)
[debian-lts-announce] 20230925 [SECURITY] [DLA 3585-1] exempi security update (MLIST)
CVE: CVE-2021-42529
Id:
CVE-2021-42529
Reference:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-42529
Comment:
XMP Toolkit SDK version 2021.07 (and earlier) is affected by a stack-based buffer overflow vulnerability potentially resulting in arbitrary code execution in the context of the current user. Exploitation requires user interaction in that a victim must open a crafted file.
CVSSv2 Score:
9.3
Access vector:
NETWORK
Access complexity:
MEDIUM
Authentication:
NONE
Confidentiality impact:
COMPLETE
Integrity impact:
COMPLETE
Availability impact:
COMPLETE
CVSSv2 Vector:
AV:N/AC:M/Au:N/C:C/I:C/A:C
CVSSv3 Score:
7.8
Attack vector:
LOCAL
Attack complexity:
LOW
Privileges required:
NONE
User interaction:
REQUIRED
Scope:
UNCHANGED
Confidentiality impact:
HIGH
Integrity impact:
HIGH
Availability impact:
HIGH
CVSSv3 Vector:
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
CWE:
121 (Stack-based Buffer Overflow)
References:
https://helpx.adobe.com/security/products/xmpcore/apsb21-108.html (MISC)
[debian-lts-announce] 20230925 [SECURITY] [DLA 3585-1] exempi security update (MLIST)
CVE: CVE-2021-42530
Id:
CVE-2021-42530
Reference:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-42530
Comment:
XMP Toolkit SDK version 2021.07 (and earlier) is affected by a stack-based buffer overflow vulnerability potentially resulting in arbitrary code execution in the context of the current user. Exploitation requires user interaction in that a victim must open a crafted file.
CVSSv2 Score:
9.3
Access vector:
NETWORK
Access complexity:
MEDIUM
Authentication:
NONE
Confidentiality impact:
COMPLETE
Integrity impact:
COMPLETE
Availability impact:
COMPLETE
CVSSv2 Vector:
AV:N/AC:M/Au:N/C:C/I:C/A:C
CVSSv3 Score:
7.8
Attack vector:
LOCAL
Attack complexity:
LOW
Privileges required:
NONE
User interaction:
REQUIRED
Scope:
UNCHANGED
Confidentiality impact:
HIGH
Integrity impact:
HIGH
Availability impact:
HIGH
CVSSv3 Vector:
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
CWE:
121 (Stack-based Buffer Overflow)
References:
https://helpx.adobe.com/security/products/xmpcore/apsb21-108.html (MISC)
[debian-lts-announce] 20230925 [SECURITY] [DLA 3585-1] exempi security update (MLIST)
CVE: CVE-2021-42531
Id:
CVE-2021-42531
Reference:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-42531
Comment:
XMP Toolkit SDK version 2021.07 (and earlier) is affected by a stack-based buffer overflow vulnerability potentially resulting in arbitrary code execution in the context of the current user. Exploitation requires user interaction in that a victim must open a crafted file.
CVSSv2 Score:
9.3
Access vector:
NETWORK
Access complexity:
MEDIUM
Authentication:
NONE
Confidentiality impact:
COMPLETE
Integrity impact:
COMPLETE
Availability impact:
COMPLETE
CVSSv2 Vector:
AV:N/AC:M/Au:N/C:C/I:C/A:C
CVSSv3 Score:
7.8
Attack vector:
LOCAL
Attack complexity:
LOW
Privileges required:
NONE
User interaction:
REQUIRED
Scope:
UNCHANGED
Confidentiality impact:
HIGH
Integrity impact:
HIGH
Availability impact:
HIGH
CVSSv3 Vector:
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
CWE:
121 (Stack-based Buffer Overflow)
References:
https://helpx.adobe.com/security/products/xmpcore/apsb21-108.html (MISC)
[debian-lts-announce] 20230925 [SECURITY] [DLA 3585-1] exempi security update (MLIST)
CVE: CVE-2021-42532
Id:
CVE-2021-42532
Reference:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-42532
Comment:
XMP Toolkit SDK version 2021.07 (and earlier) is affected by a stack-based buffer overflow vulnerability potentially resulting in arbitrary code execution in the context of the current user. Exploitation requires user interaction in that a victim must open a crafted file.
CVSSv2 Score:
9.3
Access vector:
NETWORK
Access complexity:
MEDIUM
Authentication:
NONE
Confidentiality impact:
COMPLETE
Integrity impact:
COMPLETE
Availability impact:
COMPLETE
CVSSv2 Vector:
AV:N/AC:M/Au:N/C:C/I:C/A:C
CVSSv3 Score:
7.8
Attack vector:
LOCAL
Attack complexity:
LOW
Privileges required:
NONE
User interaction:
REQUIRED
Scope:
UNCHANGED
Confidentiality impact:
HIGH
Integrity impact:
HIGH
Availability impact:
HIGH
CVSSv3 Vector:
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
CWE:
121 (Stack-based Buffer Overflow)
References:
https://helpx.adobe.com/security/products/xmpcore/apsb21-108.html (MISC)
[debian-lts-announce] 20230925 [SECURITY] [DLA 3585-1] exempi security update (MLIST)