admin/nvd-json-data-feeds
1
0
Fork 0
mirror of https://github.com/fkie-cad/nvd-json-data-feeds.git synced 2025-05-28 17:21:36 +00:00
Code Issues Packages Projects Releases Wiki Activity
nvd-json-data-feeds/CVE-2021/CVE-2021-407xx/CVE-2021-40732.json
cad-safe-bot d413ba2f8c Auto-Update: 2023-09-26T02:00:25.130184+00:00
2023-09-26 02:00:29 +00:00

130 lines
4.2 KiB
JSON
Raw Blame History

{
"id": "CVE-2021-40732",
"sourceIdentifier": "psirt@adobe.com",
"published": "2021-10-13T17:15:07.603",
"lastModified": "2023-09-26T01:15:50.393",
"vulnStatus": "Modified",
"descriptions": [
{
"lang": "en",
"value": "XMP Toolkit version 2020.1 (and earlier) is affected by a null pointer dereference vulnerability that could result in leaking data from certain memory locations and causing a local denial of service in the context of the current user. User interaction is required to exploit this vulnerability in that the victim will need to open a specially crafted MXF file."
},
{
"lang": "es",
"value": "XMP Toolkit versi\u00f3n 2020.1 (y anteriores), est\u00e1 afectada por una vulnerabilidad de desreferencia de puntero null que podr\u00eda resultar en un filtrado de datos de determinadas ubicaciones de memoria y causar una denegaci\u00f3n de servicio local en el contexto del usuario actual. Es requerida una interacci\u00f3n del usuario para explotar esta vulnerabilidad, ya que la v\u00edctima tendr\u00e1 que abrir un archivo MXF especialmente dise\u00f1ado"
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "psirt@adobe.com",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:H",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"availabilityImpact": "HIGH",
"baseScore": 6.1,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 1.8,
"impactScore": 4.2
},
{
"source": "nvd@nist.gov",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:H",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"availabilityImpact": "HIGH",
"baseScore": 6.1,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 1.8,
"impactScore": 4.2
}
],
"cvssMetricV2": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "2.0",
"vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:P",
"accessVector": "NETWORK",
"accessComplexity": "MEDIUM",
"authentication": "NONE",
"confidentialityImpact": "PARTIAL",
"integrityImpact": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 5.8
},
"baseSeverity": "MEDIUM",
"exploitabilityScore": 8.6,
"impactScore": 4.9,
"acInsufInfo": false,
"obtainAllPrivilege": false,
"obtainUserPrivilege": false,
"obtainOtherPrivilege": false,
"userInteractionRequired": true
}
]
},
"weaknesses": [
{
"source": "psirt@adobe.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-476"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:adobe:xmp_toolkit_software_development_kit:*:*:*:*:*:*:*:*",
"versionEndIncluding": "2021.07",
"matchCriteriaId": "A3EDDBF7-CFE9-4D16-86F6-ABC565470620"
}
]
}
]
}
],
"references": [
{
"url": "https://helpx.adobe.com/security/products/xmpcore/apsb21-85.html",
"source": "psirt@adobe.com",
"tags": [
"Release Notes",
"Vendor Advisory"
]
},
{
"url": "https://lists.debian.org/debian-lts-announce/2023/09/msg00032.html",
"source": "psirt@adobe.com"
}
]
}
Reference in New Issue View Git Blame Copy Permalink