{"id":"CVE-2021-3596","details":"A NULL pointer dereference flaw was found in ImageMagick in versions prior to 7.0.10-31 in ReadSVGImage() in coders/svg.c. This issue is due to not checking the return value from libxml2's xmlCreatePushParserCtxt() and uses the value directly, which leads to a crash and segmentation fault.","modified":"2026-05-15T12:04:20.084954835Z","published":"2022-02-24T19:15:09.063Z","related":["CGA-xhhg-f9c3-7wq9"],"database_specific":{"unresolved_ranges":[{"cpes":["cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*"],"extracted_events":[{"last_affected":"9.0"}],"source":"CPE_FIELD","vendor_product":"debian:debian_linux"},{"cpes":["cpe:2.3:o:fedoraproject:fedora:34:*:*:*:*:*:*:*"],"extracted_events":[{"last_affected":"34"}],"source":"CPE_FIELD","vendor_product":"fedoraproject:fedora"},{"cpes":["cpe:2.3:o:redhat:enterprise_linux:5.0:*:*:*:*:*:*:*","cpe:2.3:o:redhat:enterprise_linux:6.0:*:*:*:*:*:*:*","cpe:2.3:o:redhat:enterprise_linux:7.0:*:*:*:*:*:*:*"],"extracted_events":[{"last_affected":"5.0"},{"last_affected":"6.0"},{"last_affected":"7.0"}],"source":"CPE_FIELD","vendor_product":"redhat:enterprise_linux"}]},"references":[{"type":"WEB","url":"https://lists.debian.org/debian-lts-announce/2023/03/msg00008.html"},{"type":"ADVISORY","url":"https://lists.debian.org/debian-lts-announce/2022/05/msg00018.html"},{"type":"REPORT","url":"https://bugzilla.redhat.com/show_bug.cgi?id=1970569"},{"type":"REPORT","url":"https://github.com/ImageMagick/ImageMagick/issues/2624"}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H"}]}