Cyber Resilience

CVE-2021-39823

High

Published: 27 September 2021

Modified: 21 November 2024
KEV Added:
Patch:
CVSS Score v3.1: 7.8 (CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H)
EPSS Score: 0.1865 (95.4th percentile)
Risk Priority: 27 (60% EPSS · 20% KEV · 20% CVSS)

Summary

CVE-2021-39823 is a high-severity heap-based buffer overflow (CWE-122) vulnerability in Adobe svg-native-viewer. Its CVSS base score is 7.8 (High).

Operationally, it is ranked in the top 4.6% of CVEs by exploit likelihood; it is not currently listed in the CISA KEV catalog.

Vulnerability details

Adobe svg-native-viewer 8182d14dfad5d1e10f53ed830328d7d9a3cfa96d and earlier versions are affected by a heap buffer overflow vulnerability due to insecure handling of a malicious .svg file, potentially resulting in arbitrary code execution in the context of the current user. User interaction is required to exploit this vulnerability.

CWE(s)

CWE-122: Heap-based Buffer Overflow

Related Threats

No named actor attribution yet. ATT&CK technique mapping in progress for this CVE.

Affected Assets

Vendor: adobe
Product: svg-native-viewer
Affected versions: ≤ 8182d14dfad5d1e10f53ed830328d7d9a3cfa96d

Mitigating Controls

No mitigating controls mapped yet. The per-CVE control annotator has not reached this CVE.
