=====================================================================

                             CERT-Renater

                 Note d'Information No. 2021/VULN478
_____________________________________________________________________

DATE                : 15/09/2021

HARDWARE PLATFORM(S): /

OPERATING SYSTEM(S): Linux running Adobe SVG-Native-Viewer.

=====================================================================
https://helpx.adobe.com/security/products/svg-native-viewer/apsb21-72.html
_____________________________________________________________________


Last updated on Sep 14, 2021

Security Updates Available for Adobe SVG-Native-Viewer | APSB21-72

Bulletin ID      Date Published         Priority

APSB21-75        September 14, 2021     3


Summary

Adobe has released a security update for SVG-Native-Viewer Library. This
update addresses a  critical vulnerability that could lead to arbitrary
code execution in the context of the current user.


Affected versions

Product                   Affected version               Platform

Adobe SVG-Native-Viewer
https://github.com/adobe/svg-native-viewer/commit/8182d14dfad5d1e10f53ed830328d7d9a3cfa96d
and earlier versions
	Linux


Solution

Adobe categorizes these updates with the following priority ratings and
recommends users update their installation to the newest.


Product   Updated version    Platform    Priority rating    Availability

Adobe SVG-Native-Viewer
https://github.com/adobe/svg-native-viewer/commit/b79ecc37b2572b27aa8ff93de67ffa55828e4df8
	Linux           3            Release Note 


Vulnerability Details

Vulnerability Category     Vulnerability Impact      Severity
CVSS base score        CVSS vector       CVE Number

Heap-based Buffer Overflow (CWE-122)    Arbitrary code execution
Critical       7.8     CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
CVE-2021-39823


Acknowledgments

Adobe would like to thank CFF of Topsec Alpha Team (cff_123) for
reporting these issues and for working with Adobe to help protect our
customers.

For more information, visit https://helpx.adobe.com/security.html, or
email PSIRT@adobe.com.


=========================================================
+ CERT-RENATER       |    tel : 01-53-94-20-44          +
+ 23/25 Rue Daviel   |    fax : 01-53-94-20-41          +
+ 75013 Paris        |    email:cert@support.renater.fr +
=========================================================