CVE-2021-40732: 
Linux Debian vulnerability analysis and mitigation

XMP Toolkit version 2020.1 (and earlier) is affected by a null pointer dereference vulnerability that could result in leaking data from certain memory locations and causing a local denial of service in the context of the current user. User interaction is required to exploit this vulnerability in that the victim will need to open a specially crafted MXF file (NVD).

The vulnerability is classified as a NULL Pointer Dereference (CWE-476) with a CVSS v3.1 Base Score of 6.1 (Medium) and vector string CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:H. The CVSS score indicates local access is required, with low attack complexity, no privileges needed, and user interaction required. The impact includes low confidentiality impact and high availability impact, with no integrity impact (NVD).

The vulnerability can lead to leaking data from certain memory locations and cause a local denial of service in the context of the current user. The exploitation could result in disclosure of sensitive information and system unavailability (NVD).

The vulnerability has been fixed in subsequent versions after XMP Toolkit 2020.1. Various Linux distributions have released security updates to address this vulnerability. For example, Debian 10 (Buster) has fixed this issue in version 2.5.0-2+deb10u1 of the exempi package (Debian LTS).