CVE-2021-36046

7.8 HIGH

📋 TL;DR

CVE-2021-36046 is a memory corruption vulnerability in Adobe XMP Toolkit versions 2020.1 and earlier that could allow arbitrary code execution when processing malicious XMP metadata. This affects any application or system using vulnerable XMP Toolkit libraries to handle metadata in files like PDFs, images, or documents. User interaction is required to trigger the vulnerability, typically by opening a malicious file.

💻 Affected Systems

Products:
  • Adobe XMP Toolkit
  • Applications using XMP Toolkit libraries
  • Debian packages with vulnerable XMP libraries
Versions: 2020.1 and earlier versions
Operating Systems: Windows, Linux, macOS, Any OS running affected applications
Default Config Vulnerable: ⚠️ Yes
Notes: Affects any application that uses XMP Toolkit to parse metadata, including various Adobe products and third-party applications incorporating the library.

⚠️ Risk & Real-World Impact

🔴 Worst Case

Complete system compromise with attacker gaining the same privileges as the current user, potentially leading to data theft, ransomware deployment, or lateral movement.

🟠 Likely Case

Local privilege escalation or application crash when processing specially crafted files containing malicious XMP metadata.

🟢 If Mitigated

Application crash without code execution if memory protections like ASLR/DEP are effective, or blocked file processing if security controls prevent malicious file execution.

🌐 Internet-Facing: MEDIUM - Requires user to download and open malicious files, but common in web applications processing uploaded media files.
🏢 Internal Only: MEDIUM - Similar risk profile as internet-facing, dependent on user behavior with files from untrusted sources.

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ✅ No
Complexity: MEDIUM

Requires user interaction to open malicious files. Memory corruption vulnerabilities can be challenging to exploit reliably across different environments.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: XMP Toolkit SDK 2021.07 or later

Vendor Advisory: https://helpx.adobe.com/security/products/xmpcore/apsb21-65.html

Restart Required: Yes

Instructions:

1. Identify applications using XMP Toolkit.
2. Update to XMP Toolkit SDK 2021.07 or later.
3. For Adobe products, apply the latest security updates.
4. For Linux distributions, apply security updates via the package manager.
5. Restart affected applications/services.

🔧 Temporary Workarounds

Restrict file processing (platform: all)

Configure applications to block or sandbox processing of untrusted files containing XMP metadata.

Application hardening (platform: all)

Enable DEP, ASLR, and other memory protection mechanisms.

🧯 If You Can't Patch

  • Implement application whitelisting to prevent execution of unauthorized applications
  • Use network segmentation to isolate systems processing untrusted files

🔍 How to Verify

Check if Vulnerable:

Check the XMP Toolkit version in applications or system libraries.
On Linux: dpkg -l | grep -i xmp  or  rpm -qa | grep -i xmp
On Windows: check installed programs for Adobe XMP SDK.

Check Version:

For Linux packages: dpkg -l libexempi*  or  rpm -q exempi
For applications: check vendor documentation for version information.

Verify Fix Applied:

Verify XMP Toolkit version is 2021.07 or later. Test with sample files containing XMP metadata to ensure proper processing.

📡 Detection & Monitoring

Log Indicators:

  • Application crashes when processing files
  • Unexpected memory access errors in application logs
  • Security software alerts for memory corruption attempts

Network Indicators:

  • File downloads followed by application crashes
  • Unusual outbound connections after file processing

SIEM Query:

(EventID=1000 OR EventID=1001) AND Source contains 'application_name' AND (Description contains 'access violation' OR Description contains 'memory corruption')

Replace 'application_name' with the name of the affected application; the parentheses are required, since without them the OR/AND precedence would match every Event ID 1000 record regardless of source or description.
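As an added illustration (not part of this advisory), the Python below applies the SIEM query above with explicit precedence and then correlates matching crashes with the "file download followed by application crash" indicator from the network-indicator list. The event feed, host names, the viewer.exe application name and the 5-minute window are constructed assumptions; the 0xc0000005 term is added because that is the NT status code Event ID 1000 records carry for an access violation.

```python
from datetime import datetime, timedelta

# Constructed sample feed (not from the advisory). Windows Application-log records carry
# EventID/Source/Description; proxy download records carry only a file name and host.
SAMPLE_EVENTS = [
    {"ts": "2021-08-20T10:00:05", "host": "ws01", "kind": "download", "file": "brochure.pdf"},
    {"ts": "2021-08-20T10:00:40", "host": "ws01", "kind": "eventlog", "EventID": 1000,
     "Source": "Application Error",
     "Description": "Faulting application name: viewer.exe, exception code: 0xc0000005"},
    {"ts": "2021-08-20T11:30:00", "host": "ws02", "kind": "eventlog", "EventID": 1000,
     "Source": "Application Error",
     "Description": "Faulting application name: viewer.exe, exception code: 0xc000013a"},
    {"ts": "2021-08-20T13:00:00", "host": "ws02", "kind": "download", "file": "photo.jpg"},
    {"ts": "2021-08-20T13:20:00", "host": "ws02", "kind": "eventlog", "EventID": 1000,
     "Source": "Application Error",
     "Description": "Faulting application name: viewer.exe, exception code: 0xc0000005"},
]

CRASH_EVENT_IDS = {1000, 1001}  # Application Error / Windows Error Reporting records
# Terms from the advisory's query plus the NT status code for an access violation.
MEMORY_TERMS = ("access violation", "memory corruption", "0xc0000005")

def is_memory_crash(ev, app="viewer.exe"):
    """The advisory's SIEM query with explicit precedence:
    (EventID 1000 OR 1001) AND app name present AND (a memory-error term present).
    For Event ID 1000 the faulting application is named in the Description, so the
    app is matched there; the Source field of such records is 'Application Error'."""
    if ev.get("kind") != "eventlog" or ev.get("EventID") not in CRASH_EVENT_IDS:
        return False
    desc = ev.get("Description", "").lower()
    return app.lower() in desc and any(term in desc for term in MEMORY_TERMS)

def correlate_download_then_crash(events, window_s=300, app="viewer.exe"):
    """Return memory crashes that follow a file download on the same host within window_s."""
    ts = lambda ev: datetime.fromisoformat(ev["ts"])
    downloads = [ev for ev in events if ev.get("kind") == "download"]
    hits = []
    for ev in events:
        if not is_memory_crash(ev, app):
            continue
        for dl in downloads:
            gap = ts(ev) - ts(dl)
            if dl["host"] == ev["host"] and timedelta(0) <= gap <= timedelta(seconds=window_s):
                hits.append({"host": ev["host"], "file": dl["file"], "crash_ts": ev["ts"]})
    return hits

if __name__ == "__main__":
    for hit in correlate_download_then_crash(SAMPLE_EVENTS):
        print(f"{hit['host']}: crash at {hit['crash_ts']} within 5 min of downloading {hit['file']}")
```

On the sample feed only ws01 is flagged: the ws02 crash at 11:30 has a non-memory exception code, and its 13:20 access violation falls outside the 5-minute window unless window_s is widened.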
