CVE-2021-36057

low-risk

Published 2021-09-01

XMP Toolkit SDK version 2020.1 (and earlier) is affected by a write-what-where condition vulnerability caused during the application's memory allocation process. This may cause the memory management functions to become mismatched resulting in local application denial of service in the context of the current user.

Do I need to act?

0.04% chance of exploitation

EPSS score — low exploit probability

Not on CISA KEV list

No confirmed active exploitation reported to CISA

Patch status unknown

Check vendor advisories for fix availability and mitigation guidance

CVSS 3.3/10 Low

LOCAL / LOW complexity

Affected Products (2)

Xmp Toolkit Software Development Kit

Debian Linux

Affected Vendors

Debian Adobe

References (5)

Patch https://helpx.adobe.com/security/products/xmpcore/apsb21-65.html

Mailing List https://lists.debian.org/debian-lts-announce/2023/09/msg00032.html

Patch https://helpx.adobe.com/security/products/xmpcore/apsb21-65.html

Mailing List https://lists.debian.org/debian-lts-announce/2023/09/msg00032.html

https://lists.debian.org/debian-lts-announce/2025/08/msg00003.html

/ 100

low-risk

Severity 13/34 · Low

Exploitability 0/34 · Minimal

Exposure 7/34 · Low