Debian alert DLA-4337-1 (svgpp)

From:
             
 
Thorsten Alteholz <debian@alteholz.de>
To:
             
 
debian-lts-announce@lists.debian.org
Subject:
             
 
[SECURITY] [DLA 4337-1] svgpp security update
Date:
             
 
Fri, 17 Oct 2025 17:11:43 +0000
Message-ID:
             
 
<a6952167-1095-19b8-8cb7-7529152e6e5@alteholz.de>
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

- -------------------------------------------------------------------------
Debian LTS Advisory DLA-4337-1                debian-lts@lists.debian.org
https://www.debian.org/lts/security/                    Thorsten Alteholz
October 17, 2025                              https://wiki.debian.org/LTS
- -------------------------------------------------------------------------

Package        : svgpp
Version        : 1.3.0+dfsg1-4+deb11u1
CVE ID         : CVE-2021-44960


An issues has been found in svgpp: a C++ library for parsing and rendering 
Scalable Vector Graphics (SVG) files.

The XMLDocument::getRoot function in the renderDocument function handled 
the XMLDocument object improperly.
Specifically, it returned a null pointer prematurely at the second if 
statement, resulting in a null pointer reference behind the 
renderDocument function.


For Debian 11 bullseye, this problem has been fixed in version
1.3.0+dfsg1-4+deb11u1.

We recommend that you upgrade your svgpp packages.

For the detailed security status of svgpp please refer to
its security tracker page at:
https://security-tracker.debian.org/tracker/svgpp

Further information about Debian LTS security advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://wiki.debian.org/LTS

-----BEGIN PGP SIGNATURE-----

iQKTBAEBCgB9FiEEYgH7/9u94Hgi6ruWlvysDTh7WEcFAmjyeM9fFIAAAAAALgAo
aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldDYy
MDFGQkZGREJCREUwNzgyMkVBQkI5Njk2RkNBQzBEMzg3QjU4NDcACgkQlvysDTh7
WEdmLA/+Kw3asBGvWSkp9hd2WqXzCkDN1Y0ourTiVdsBp95QUTnPURkhLaH7Go5I
9PP/G3+8gOfvCIGcl5kw3Jm4i37+8qCKM9aUpOX6K+EoVlg9pNUCgVlc0iuDTdfG
rrk193HOdUSDsRQHrsYZsFKQNPDzWGeXWCnL+ZYOMoqg7fayfcCpifU4JeBofOGe
S9igGpzeEleX7ffkFTbw8Lmp8LftrIvho1dtm7pIwlabcXGf+ERmY+kJh67yvBjp
pOu3Q2ootxXb12f1C12AFsDGQDSXWhgybKinrKzNV0L/0bJJM8DZvWoSxZgiHfXF
+eCBRiFXXiK/n7bynqaIchJ3Yy0chpVHNBq888zT17tyd/OTw1LEXFV1DfyHdTdD
f7pGFSXZT1xr9koeoEGoOuSEIDp16ABlPLAmagRVBKYwPSBRQWfzJTNmMz2YdoI2
IGxGxydG7KMzs+el/gmEvzADAlXwtEqFyugDxSVOOgukQXcV43gZzOuipk+Ee/OV
jPkgRX/e0h/QbbKMPVueq2N9mNgYlb47sJ9o5MSI4EVG8C8CHqHIXmqE7umf8IAR
D+eHoQoBwyUGTG7YbiH15IDsob1TzNkEXCnAFeeSyr8AeS3mQx+YiNx2SS0scK50
d9ltbr9fxdufukw2RI0BS4AYouS7iiQhTzzsSlayHHU5Y1RN5yk=
=1pow
-----END PGP SIGNATURE-----