Vulnerability Description
XMP Toolkit SDK version 2020.1 (and earlier) is affected by a write-what-where condition vulnerability caused during the application's memory allocation process. This may cause the memory management functions to become mismatched resulting in local application denial of service in the context of the current user.
CVSS Score
LOW
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Adobe | Xmp Toolkit Software Development Kit | <= 2020.1 |
| Debian | Debian Linux | 10.0 |
Related Weaknesses (CWE)
References
- https://helpx.adobe.com/security/products/xmpcore/apsb21-65.htmlPatchVendor Advisory
- https://lists.debian.org/debian-lts-announce/2023/09/msg00032.htmlMailing List
- https://helpx.adobe.com/security/products/xmpcore/apsb21-65.htmlPatchVendor Advisory
- https://lists.debian.org/debian-lts-announce/2023/09/msg00032.htmlMailing List
- https://lists.debian.org/debian-lts-announce/2025/08/msg00003.html
FAQ
What is CVE-2021-36057?
CVE-2021-36057 is a vulnerability with a CVSS score of 3.3 (LOW). XMP Toolkit SDK version 2020.1 (and earlier) is affected by a write-what-where condition vulnerability caused during the application's memory allocation process. This may cause the memory management f...
How severe is CVE-2021-36057?
CVE-2021-36057 has been rated LOW with a CVSS base score of 3.3/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2021-36057?
Check the references section above for vendor advisories and patch information. Affected products include: Adobe Xmp Toolkit Software Development Kit, Debian Debian Linux.