CVE-2021-42521

Published: Aug 25, 2022Modified: Nov 21, 2024

7.5

Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Exploitability: 3.9 / Impact: 3.6

Source: NVD

Description

There is a NULL pointer dereference vulnerability in VTK before 9.2.5, and it lies in IO/Infovis/vtkXMLTreeReader.cxx. The vendor didn't check the return value of libxml2 API 'xmlDocGetRootElement', and try to dereference it. It is unsafe as the return value can be NULL and that NULL pointer dereference may crash the application.

Affected (1)

Products: Vtk: Vtk

1 product

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
Vtk Vtk	Up to 9.0.0

Related CWEs

Uncontrolled Resource Consumption

The product does not properly control the allocation and maintenance of a limited resource, thereby enabling an actor to influence the amount of resources consumed, eventually leading to the exhaustion of available resources.

NULL Pointer Dereference

The product dereferences a pointer that it expects to be valid but is NULL.

References (6)

https://discourse.vtk.org/t/vtk-9-2-5-is-out/10549

Source: patrick@puiterwijk.org

https://gitlab.kitware.com/vtk/vtk/issues/17818

Source: patrick@puiterwijk.org

ExploitIssue TrackingThird Party Advisory

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/PCTMSAAVP4BW2HTZLDWMGKZ2WEC5OFLK/

Source: patrick@puiterwijk.org

https://discourse.vtk.org/t/vtk-9-2-5-is-out/10549

Source: af854a3a-2127-422b-91ae-364da2661108

https://gitlab.kitware.com/vtk/vtk/issues/17818

Source: af854a3a-2127-422b-91ae-364da2661108

ExploitIssue TrackingThird Party Advisory

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/PCTMSAAVP4BW2HTZLDWMGKZ2WEC5OFLK/

Source: af854a3a-2127-422b-91ae-364da2661108

Timeline

No history available yet.