PT-2022-12266 · Svgpp+3 · Svg+++3
Cvjark
·
Published
2022-02-15
·
Updated
2025-10-17
·
CVE-2021-44960
CVSS v3.1
6.5
Medium
| Vector | AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H |
Name of the Vulnerable Software and Affected Versions
SVGPP SVG++ library version 1.3.0
Description
The XMLDocument::getRoot function in the renderDocument function handled the XMLDocument object improperly, returning a null pointer in advance, resulting in a null pointer reference. This issue is related to the
XMLDocument object and the renderDocument function, specifically the getRoot function within it. No information is provided about the estimated number of potentially affected devices or real-world incidents.Recommendations
For SVGPP SVG++ library version 1.3.0, consider disabling the
renderDocument function or restricting its use until a patch is available to prevent null pointer references. At the moment, there is no information about a newer version that contains a fix for this vulnerability.Exploit
NULL Pointer Dereference
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Debian
Linuxmint
Svg++
Ubuntu