Lucene search

AdobeCVELIST:CVE-2021-39823

HistorySep 27, 2021 - 3:42 p.m.

CVE-2021-39823 svg-native-viewer Heap Buffer overflow Vulnerability

2021-09-2715:42:06

CWE-122

adobe

www.cve.org

adobe

svg-native-viewer

heap buffer overflow

vulnerability

insecure handling

malicious .svg

arbitrary code execution

user interaction

CVSS3

7.8

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

EPSS

0.005

Percentile

76.1%

JSON

Adobe svg-native-viewer 8182d14dfad5d1e10f53ed830328d7d9a3cfa96d and earlier versions are affected by a heap buffer overflow vulnerability due to insecure handling of a malicious .svg file, potentially resulting in arbitrary code execution in the context of the current user. User interaction is required to exploit this vulnerability.

CNA Affected

[
  {
    "product": "SVG Native Viewer",
    "vendor": "Adobe",
    "versions": [
      {
        "lessThanOrEqual": "8182d14dfad5d1e10f53ed830328d7d9a3cfa96d",
        "status": "affected",
        "version": "unspecified",
        "versionType": "custom"
      },
      {
        "lessThanOrEqual": "None",
        "status": "affected",
        "version": "unspecified",
        "versionType": "custom"
      }
    ]
  }
]

References

helpx.adobe.com/security/products/svg-native-viewer/apsb21-72.html

CVSS3

7.8

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

EPSS

0.005

Percentile

76.1%

JSON

Related for CVELIST:CVE-2021-39823