CVE-2021-36057

Name of the Vulnerable Software and Affected Versions XMP Toolkit SDK versions 2020.1 and earlier

Description The issue is related to a write-what-where condition vulnerability caused during the application's memory allocation process. This may cause the memory management functions to become mismatched, resulting in local application denial of service in the context of the current user. The vulnerability can be exploited by opening a specially crafted file, potentially allowing an attacker to execute arbitrary code in the context of the current user.

Recommendations For XMP Toolkit SDK versions 2020.1 and earlier, consider applying configuration changes to restrict memory allocation and prevent potential exploitation until a patch is available. As a temporary workaround, avoid opening suspicious or specially crafted files with the affected software to minimize the risk of denial of service or arbitrary code execution. At the moment, there is no information about a newer version that contains a fix for this vulnerability.