Bulletin ID
Security Updates Available for Adobe SVG-Native-Viewer | APSB21-72
|
Date Published |
Priority |
---|---|---|
APSB21-75 |
September 14, 2021 |
3 |
Summary
Adobe has released a security update for SVG-Native-Viewer Library. This update addresses a critical vulnerability that could lead to arbitrary code execution in the context of the current user.
Affected versions
Product |
Affected version |
Platform |
Adobe SVG-Native-Viewer |
Linux |
Solution
Adobe categorizes these updates with the following priority ratings and recommends users update their installation to the newest.
Product |
Updated version |
Platform |
Priority rating |
Availability |
Adobe SVG-Native-Viewer |
Linux |
3 |
Vulnerability Details
Vulnerability Category |
Vulnerability Impact |
Severity |
CVSS base score |
CVE Number |
|
---|---|---|---|---|---|
Heap-based Buffer Overflow (CWE-122) |
Arbitrary code execution |
Critical |
7.8 |
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H |
CVE-2021-39823 |
Acknowledgments
Adobe would like to thank CFF of Topsec Alpha Team (cff_123) for reporting these issues and for working with Adobe to help protect our customers.
For more information, visit https://helpx.adobe.com/security.html, or email PSIRT@adobe.com.