ByteOS Network

NVD Vulnerability Details :

CVE-2021-3596

Modified

Source-secalert@redhat.com

Published At-24 Feb, 2022 | 19:15

Updated At-11 Mar, 2023 | 23:15

A NULL pointer dereference flaw was found in ImageMagick in versions prior to 7.0.10-31 in ReadSVGImage() in coders/svg.c. This issue is due to not checking the return value from libxml2's xmlCreatePushParserCtxt() and uses the value directly, which leads to a crash and segmentation fault.

Date Added	Due Date	Vulnerability Name	Required Action
	N/A

Metrics

Type	Version	Base score	Base severity	Vector
Primary	3.1	6.5	MEDIUM	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
Primary	2.0	4.3	MEDIUM	AV:N/AC:M/Au:N/C:N/I:N/A:P

CPE Matches

Weaknesses

CWE ID	Type	Source
CWE-476	Primary	nvd@nist.gov
CWE-476	Secondary	secalert@redhat.com

References

Hyperlink	Source	Resource
https://bugzilla.redhat.com/show_bug.cgi?id=1970569	secalert@redhat.com	Issue Tracking Third Party Advisory
https://github.com/ImageMagick/ImageMagick/issues/2624	secalert@redhat.com	Exploit Issue Tracking Third Party Advisory
https://lists.debian.org/debian-lts-announce/2022/05/msg00018.html	secalert@redhat.com	Mailing List Third Party Advisory
https://lists.debian.org/debian-lts-announce/2023/03/msg00008.html	secalert@redhat.com	N/A

CISA Catalog

Metrics

CPE Matches

Weaknesses

Evaluator Description

Evaluator Impact

Evaluator Solution

Vendor Statements

References

Change History