CVE-2021-36057 MEDIUM

CVE-2021-36057: XMP Toolkit SDK Write-What-Where Condition Could Lead To Local Application Denial Of Service

Vendor Adobe
Product XMP Toolkit
Weakness CWE-123
Published September 1, 2021
Last update November 3, 2025

CVSS base score

4.0/10
Attack vector Local
Attack complexity Low
Privileges required None
User interaction None
Confidentiality None
Integrity None

CVSS vector

CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L

What the vulnerability does

01Description

XMP Toolkit SDK version 2020.1 (and earlier) is affected by a write-what-where condition vulnerability caused during the application's memory allocation process. This may cause the memory management functions to become mismatched resulting in local application denial of service in the context of the current user.

Key dates

02Disclosure timeline

September 1, 2021 CVE published
November 3, 2025 Record updated