PT-2021-4838 · Adobe · Svg-Native-Viewer

Published: 2021-09-14 · Updated: 2021-10-04 · CVE-2021-39823

CVSS v2.0: 9.3 (High)

Vector: AV:N/AC:M/Au:N/C:C/I:C/A:C

Name of the Vulnerable Software and Affected Versions

Adobe svg-native-viewer versions 8182d14dfad5d1e10f53ed830328d7d9a3cfa96d and earlier

Description

The issue is a heap buffer overflow caused by insecure handling of a malicious .svg file. A remote attacker can exploit it with a specially crafted file, potentially resulting in arbitrary code execution in the context of the current user. User interaction is required to exploit this vulnerability.

Recommendations

For Adobe svg-native-viewer versions 8182d14dfad5d1e10f53ed830328d7d9a3cfa96d and earlier, consider avoiding the use of .svg files from untrusted sources until a patch is available. As a temporary workaround, restrict the handling of .svg files to minimize the risk of exploitation.

Fix

Heap Based Buffer Overflow


Weakness Enumeration

Related Identifiers

BDU:2021-05566
CVE-2021-39823

Affected Products

Svg-Native-Viewer