{"id":"CVE-2021-28855","details":"In Deark before 1.5.8, a specially crafted input file can cause a NULL pointer dereference in the dbuf_write function (src/deark-dbuf.c).","modified":"2026-04-11T17:12:17.434243Z","published":"2021-04-14T17:15:14.363Z","references":[{"type":"WEB","url":"https://github.com/fuzzing2026/CVE-PoCs/tree/main/deark-CVE-2021-28855"},{"type":"FIX","url":"https://fatihhcelik.github.io/posts/NULL-Pointer-Dereference-Deark/"},{"type":"FIX","url":"https://github.com/jsummers/deark/commit/287f5ac31dfdc074669182f51ece637706070eeb"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/jsummers/deark","events":[{"introduced":"0"},{"fixed":"fb671aa5d1b4317fabe5aab3e3713ca4b5798f95"},{"fixed":"287f5ac31dfdc074669182f51ece637706070eeb"}],"database_specific":{"versions":[{"introduced":"0"},{"fixed":"1.5.8"}]}}],"versions":["v1.5.5","v1.5.6","v1.5.7"],"database_specific":{"source":"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2021-28855.json","vanir_signatures_modified":"2026-04-11T17:12:17Z","vanir_signatures":[{"signature_version":"v1","target":{"file":"modules/pict.c"},"id":"CVE-2021-28855-0e69995a","deprecated":false,"source":"https://github.com/jsummers/deark/commit/287f5ac31dfdc074669182f51ece637706070eeb","signature_type":"Line","digest":{"threshold":0.9,"line_hashes":["7992209497181885195093281677322425532","300163394889970727985962671517364393979","46660956413701744817043859776108545619"]}},{"signature_version":"v1","target":{"file":"modules/pict.c","function":"do_iccprofile_item"},"id":"CVE-2021-28855-f5f34b82","deprecated":false,"source":"https://github.com/jsummers/deark/commit/287f5ac31dfdc074669182f51ece637706070eeb","signature_type":"Function","digest":{"length":593,"function_hash":"177656781395285593963592552773643755210"}}]}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H"}]}