CVE-2021-40716 — Vulnetix

CVE-2021-40716 PUBLISHED CVSS 5.5 MEDIUM

XMP Toolkit SDK versions 2021.07 (and earlier) are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file.

EPSS 0.25% · 48.8th percentile

Risk Scores

CVSS v3.0

5.5

CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N

EPSS Score

0.25%

48.8th percentile

Affected Products

Vendor	Product	Versions
Adobe	XMP Toolkit	unspecified, *
adobe	xmp_toolkit_software_development_kit	0
debian	debian_linux	10.0

Timeline

Sep 29, 2021 CVE Published
Sep 30, 2021 EPSS Score
Oct 8, 2021 EPSS Score
Nov 26, 2021 EPSS Score
Jan 22, 2022 EPSS Score
Feb 4, 2022 EPSS Score
Mar 20, 2022 EPSS Score
Apr 1, 2022 EPSS Score
Jul 11, 2022 EPSS Score
Sep 7, 2022 EPSS Score
Nov 3, 2022 EPSS Score
Dec 30, 2022 EPSS Score

References

https://helpx.adobe.com/security/products/xmpcore/apsb21-85.html url
[debian-lts-announce] 20230925 [SECURITY] [DLA 3585-1] exempi security update mailing-list
https://lists.debian.org/debian-lts-announce/2025/08/msg00003.html url
https://nvd.nist.gov/vuln/detail/CVE-2021-40716 advisory

Open in Interactive Console →