DEBIAN-CVE-2021-42521

See a problem?
Please try reporting it to the source first.

Source

https://security-tracker.debian.org/tracker/CVE-2021-42521

Import Source

https://storage.googleapis.com/debian-osv/debian-cve-osv/DEBIAN-CVE-2021-42521.json

JSON Data

https://api.osv.dev/v1/vulns/DEBIAN-CVE-2021-42521

Upstream

CVE-2021-42521

Published

2022-08-25T18:15:09.140Z

Modified

2025-11-20T10:15:46.700734Z

Severity

7.5 (High) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H CVSS Calculator

Summary

[none]

Details

There is a NULL pointer dereference vulnerability in VTK before 9.2.5, and it lies in IO/Infovis/vtkXMLTreeReader.cxx. The vendor didn't check the return value of libxml2 API 'xmlDocGetRootElement', and try to dereference it. It is unsafe as the return value can be NULL and that NULL pointer dereference may crash the application.

References

https://security-tracker.debian.org/tracker/CVE-2021-42521

Affected packages

Debian:11

vtk6

Package

Name: vtk6
Purl: pkg:deb/debian/vtk6?arch=source

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Affected versions

6.*

6.3.0+dfsg2-8.1

Ecosystem specific

{
    "urgency": "not yet assigned"
}

Database specific

source

"https://storage.googleapis.com/debian-osv/debian-cve-osv/DEBIAN-CVE-2021-42521.json"

vtk7

Package

Name: vtk7
Purl: pkg:deb/debian/vtk7?arch=source

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Affected versions

7.*

7.1.1+dfsg2-8

7.1.1+dfsg2-8+hurd.1

7.1.1+dfsg2-9

7.1.1+dfsg2-10

7.1.1+dfsg2-10+hurd.1

7.1.1+dfsg2-10.1

7.1.1+dfsg2-10.1+hurd.1

7.1.1+dfsg2-10.1+hurd.2

7.1.1+dfsg2-10.1+hurd.3

7.1.1+dfsg2-10.2

7.1.1+dfsg2-10.3

7.1.1+dfsg2-10.3+hurd.1

7.1.1+dfsg2-10.3+hurd.2

7.1.1+dfsg3-1

Ecosystem specific

{
    "urgency": "not yet assigned"
}

Database specific

source

"https://storage.googleapis.com/debian-osv/debian-cve-osv/DEBIAN-CVE-2021-42521.json"

vtk9

Package

Name: vtk9
Purl: pkg:deb/debian/vtk9?arch=source

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Affected versions

9.*

9.0.1+dfsg1-8

9.0.3+dfsg1-1

9.0.3+dfsg1-2

9.0.3+dfsg1-2.1

9.0.3+dfsg1-2.1+hurd.1

9.0.3+dfsg1-2.1+hurd.2

9.0.3+dfsg1-3

9.1.0+dfsg1-1

9.1.0+dfsg2-1

9.1.0+dfsg2-2

9.1.0+really9.0.3+dfsg1-3

9.1.0+really9.0.3+dfsg1-4

9.1.0+really9.0.3+dfsg1-4+hurd.1

9.1.0+really9.1.0+dfsg2-3~exp1

9.1.0+really9.1.0+dfsg2-3~exp2

9.1.0+really9.1.0+dfsg2-3

9.1.0+really9.1.0+dfsg2-4

9.1.0+really9.1.0+dfsg2-5

9.1.0+really9.1.0+dfsg2-6

9.1.0+really9.1.0+dfsg2-7

9.1.0+really9.1.0+dfsg2-7.1

9.1.0+really9.1.0+dfsg2-8

9.2.6+dfsg1-1+exp1

9.2.6+dfsg1-1+exp2

9.3.0+dfsg1-1~exp1

9.3.0+dfsg1-1~exp2

9.3.0+dfsg1-1~exp3

9.3.0+dfsg1-1~exp4

9.3.0+dfsg1-1

9.3.0+dfsg1-1.1

9.3.0+dfsg1-2

9.3.0+dfsg1-3

9.3.0+dfsg1-3+hurd.1

9.3.0+dfsg1-4

9.3.0+dfsg1-4+m68k

9.3.0+dfsg1-4.1+hurd.1

9.3.0+dfsg1-5

9.3.0+dfsg1-6

9.3.0+dfsg1-7

9.5.2+dfsg1-1~exp1

9.5.2+dfsg2-1~exp1

9.5.2+dfsg2-1~exp2

9.5.2+dfsg2-1~exp3

9.5.2+dfsg2-1~exp4

9.5.2+dfsg2-1

9.5.2+dfsg2-2

9.5.2+dfsg2-3

9.5.2+dfsg2-4

Ecosystem specific

{
    "urgency": "not yet assigned"
}

Database specific

source

"https://storage.googleapis.com/debian-osv/debian-cve-osv/DEBIAN-CVE-2021-42521.json"

Debian:12

vtk9

Package

Name: vtk9
Purl: pkg:deb/debian/vtk9?arch=source

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Affected versions

9.*

9.1.0+really9.1.0+dfsg2-5

9.1.0+really9.1.0+dfsg2-5+deb12u1

9.1.0+really9.1.0+dfsg2-6

9.1.0+really9.1.0+dfsg2-7

9.1.0+really9.1.0+dfsg2-7.1

9.1.0+really9.1.0+dfsg2-8

9.2.6+dfsg1-1+exp1

9.2.6+dfsg1-1+exp2

9.3.0+dfsg1-1~exp1

9.3.0+dfsg1-1~exp2

9.3.0+dfsg1-1~exp3

9.3.0+dfsg1-1~exp4

9.3.0+dfsg1-1

9.3.0+dfsg1-1.1

9.3.0+dfsg1-2

9.3.0+dfsg1-3

9.3.0+dfsg1-3+hurd.1

9.3.0+dfsg1-4

9.3.0+dfsg1-4+m68k

9.3.0+dfsg1-4.1+hurd.1

9.3.0+dfsg1-5

9.3.0+dfsg1-6

9.3.0+dfsg1-7

9.5.2+dfsg1-1~exp1

9.5.2+dfsg2-1~exp1

9.5.2+dfsg2-1~exp2

9.5.2+dfsg2-1~exp3

9.5.2+dfsg2-1~exp4

9.5.2+dfsg2-1

9.5.2+dfsg2-2

9.5.2+dfsg2-3

9.5.2+dfsg2-4

Ecosystem specific

{
    "urgency": "not yet assigned"
}

Database specific

source

"https://storage.googleapis.com/debian-osv/debian-cve-osv/DEBIAN-CVE-2021-42521.json"

Debian:13

vtk9

Package

Name: vtk9
Purl: pkg:deb/debian/vtk9?arch=source

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

9.1.0+really9.1.0+dfsg2-8

Ecosystem specific

{
    "urgency": "not yet assigned"
}

Database specific

source

"https://storage.googleapis.com/debian-osv/debian-cve-osv/DEBIAN-CVE-2021-42521.json"

Debian:14

vtk9

Package

Name: vtk9
Purl: pkg:deb/debian/vtk9?arch=source

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

9.1.0+really9.1.0+dfsg2-8

Ecosystem specific

{
    "urgency": "not yet assigned"
}

Database specific

source

"https://storage.googleapis.com/debian-osv/debian-cve-osv/DEBIAN-CVE-2021-42521.json"