CVE-2021-36045: 
Linux Debian vulnerability analysis and mitigation

XMP Toolkit SDK versions 2020.1 and earlier contain an out-of-bounds read vulnerability (CVE-2021-36045) that could lead to disclosure of arbitrary memory. The vulnerability was discovered and disclosed on September 1, 2021, affecting the Exempi library, which is an implementation of XMP (Extensible Metadata Platform) (Ubuntu Security).

The vulnerability is classified as a low severity issue with a CVSS 3.1 base score of 3.3. The attack vector is local, requiring low attack complexity and no privileges, but does need user interaction. The vulnerability has an unchanged scope with low confidentiality impact and no impact on integrity or availability. The complete vector string is CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N (Ubuntu Security).

The exploitation of this vulnerability could allow attackers to bypass security mitigations such as ASLR (Address Space Layout Randomization) through the disclosure of arbitrary memory. However, successful exploitation requires user interaction, specifically opening a malicious file (Ubuntu Security).

The vulnerability has been fixed in multiple Ubuntu versions: Ubuntu 22.04 LTS (2.5.2-1ubuntu0.22.04.1), Ubuntu 21.10 (2.5.2-1ubuntu0.21.10.1), Ubuntu 20.04 LTS (2.5.1-1ubuntu0.1), and Ubuntu 18.04 LTS (2.4.5-2ubuntu0.1). Users are advised to update their systems to these patched versions (Ubuntu Notice).