CVE-2021-36053

CVE Database · CVE-2021-36053

CVE-2021-36053

· LOWModified

CVSS v3.1

3.3

EPSS

1.83%

Published

Sep 1, 2021

Modified

Nov 3, 2025

Public PoC / Exploit (1)

All weaponized →

TrickestTrickest PoC index

Links to public security research (Exploit-DB, Nuclei, Trickest, GitHub) for defensive use only.

Description

XMP Toolkit SDK versions 2020.1 (and earlier) are affected by an out-of-bounds read vulnerability that could lead to disclosure of arbitrary memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file.

CVSS Vector

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N

Weaknesses (CWE)

CWE-125CWE-125

Affected Products (2)

adobe · xmp_toolkit_software_development_kitvulnerable

debian · debian_linuxvulnerable

References (5)

https://helpx.adobe.com/security/products/xmpcore/apsb21-65.html

PatchVendor Advisory

https://lists.debian.org/debian-lts-announce/2023/09/msg00032.html

Mailing ListThird Party Advisory

https://helpx.adobe.com/security/products/xmpcore/apsb21-65.html

PatchVendor Advisory

https://lists.debian.org/debian-lts-announce/2023/09/msg00032.html

Mailing ListThird Party Advisory

https://lists.debian.org/debian-lts-announce/2025/08/msg00003.html

KEV Catalog EPSS Scores Vendors All CVEs