{"dataType": "CVE_RECORD", "dataVersion": "5.0", "cveMetadata": {"state": "PUBLISHED", "cveId": "CVE-2021-44960", "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "dateUpdated": "2023-04-01T00:00:00", "dateReserved": "2021-12-13T00:00:00", "datePublished": "2022-02-15T00:00:00"}, "containers": {"cna": {"providerMetadata": {"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre", "dateUpdated": "2023-04-01T00:00:00"}, "descriptions": [{"lang": "en", "value": "In SVGPP SVG++ library 1.3.0, the XMLDocument::getRoot function in the renderDocument function handled the XMLDocument object improperly, returning a null pointer in advance at the second if, resulting in a null pointer reference behind the renderDocument function."}], "affected": [{"vendor": "n/a", "product": "n/a", "versions": [{"version": "n/a", "status": "affected"}]}], "references": [{"url": "https://github.com/svgpp/svgpp/issues/101"}, {"url": "https://github.com/svgpp/svgpp/issues/101.aa"}, {"name": "[debian-lts-announce] 20230401 [SECURITY] [DLA 3376-1] svgpp security update", "tags": ["mailing-list"], "url": "https://lists.debian.org/debian-lts-announce/2023/04/msg00001.html"}], "problemTypes": [{"descriptions": [{"type": "text", "lang": "en", "description": "n/a"}]}]}}}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:svgpp:svgpp:1.3.0:*:*:*:*:*:*:*", "matchCriteriaId": "0191EAF3-1028-4C2E-8FA3-7A0D21F3FB3B", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "In SVGPP SVG++ library 1.3.0, the XMLDocument::getRoot function in the renderDocument function handled the XMLDocument object improperly, returning a null pointer in advance at the second if, resulting in a null pointer reference behind the renderDocument function."}, {"lang": "es", "value": "En SVGPP SVG++ library versi\u00f3n 1.3.0, la funci\u00f3n XMLDocument::getRoot en la funci\u00f3n renderDocument manejaba el objeto XMLDocument inapropiadamente, devolviendo un puntero null por adelantado en el segundo if, resultando en una referencia de puntero nulo tras la funci\u00f3n renderDocument"}], "id": "CVE-2021-44960", "lastModified": "2023-04-01T18:15:07.237", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 4.3, "confidentialityImpact": "NONE", "integrityImpact": "NONE", "vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:P", "version": "2.0"}, "exploitabilityScore": 8.6, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2022-02-15T16:15:08.460", "references": [{"source": "cve@mitre.org", "tags": ["Exploit", "Issue Tracking"], "url": "https://github.com/svgpp/svgpp/issues/101"}, {"source": "cve@mitre.org", "tags": ["Exploit", "Issue Tracking", "Third Party Advisory"], "url": "https://github.com/svgpp/svgpp/issues/101.aa"}, {"source": "cve@mitre.org", "url": "https://lists.debian.org/debian-lts-announce/2023/04/msg00001.html"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-476"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{}