Adobe Security Bulletin

Security Updates Available for Adobe SVG-Native-Viewer | APSB21-72   

Bulletin ID

Date Published

Priority

APSB21-75

September 14, 2021

3

Summary

Adobe has released a security update for SVG-Native-Viewer Library. This update addresses a  critical vulnerability that could lead to arbitrary code execution in the context of the current user.                            

Affected versions

Product

Affected version

Platform

Adobe SVG-Native-Viewer  

Linux

Solution

Adobe categorizes these updates with the following priority ratings and recommends users update their installation to the newest. 

Product

Updated version

Platform

Priority rating

Availability

Adobe SVG-Native-Viewer    

Linux

3

Vulnerability Details

Vulnerability Category

Vulnerability Impact

Severity

CVSS base score 

CVE Number

Heap-based Buffer Overflow (CWE-122)

Arbitrary code execution

Critical

7.8

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

CVE-2021-39823

Acknowledgments

Adobe would like to thank CFF of Topsec Alpha Team (cff_123) for reporting these issues and for working with Adobe to help protect our customers.


For more information, visit https://helpx.adobe.com/security.html, or email PSIRT@adobe.com.

Logo Adobe

Prihláste sa do svojho účtu