CVE-2021-36047: 
Linux Debian vulnerability analysis and mitigation

XMP Toolkit SDK version 2020.1 and earlier versions are affected by an Improper Input Validation vulnerability (CVE-2021-36047). The vulnerability was discovered in the Exempi library, which is an implementation of XMP (Extensible Metadata Platform). This security flaw requires user interaction, specifically opening a crafted file to trigger the exploitation (Debian Security).

The vulnerability has been classified as an Improper Input Validation issue with a CVSS v3.1 score of 7.8 (CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H). This indicates a high severity rating with local access vector, low attack complexity, no privileges required, and user interaction required (Adobe Security).

If successfully exploited, this vulnerability could potentially result in arbitrary code execution in the context of the current user. The impact is significant as it could allow attackers to execute malicious code with the same privileges as the application user (Debian LTS).

Multiple vendors have released patches to address this vulnerability. Ubuntu has released security updates across multiple versions including Ubuntu 22.04 LTS, 21.10, 20.04 LTS, and 18.04 ESM (Ubuntu Security). Debian has also addressed this issue with version 2.5.0-2+deb10u1 for Debian 10 buster, while newer versions (2.6.3-1 in bookworm and 2.6.5-1 in sid/trixie) include the fix (Debian Security).