Astra Linux – Vulnerability in Batik
A vulnerability in Batik of Apache XML Graphics allows an attacker to execute Java code from untrusted SVG via JavaScript. This issue affects Apache XML Graphics versions prior to 1.16. Users are recommended to upgrade to version 1.16...
CVE-2026-29112
DiceBear is an avatar library for designers and developers. Prior to version 9.4.0, the ensureSize function in @dicebear/converter read the width and height attributes from the input SVG to determine the output canvas size for rasterization (PNG, JPEG, WebP, AVIF). An attacker who can supply a...
CVE-2026-29112
The CVE affects @dicebear/converter in DiceBear where the legacy ensureSize() reads width/height from input SVG to size the output canvas. An attacker supplying a crafted SVG with extremely large dimensions (e.g., width="999999999") could trigger uncontrolled memory allocation on the server, caus...
Allocation of Resources Without Limits or Throttling
Overview: @dicebear/converter is an SVG converter for DiceBear. Affected versions of this package are vulnerable to Allocation of Resources Without Limits or Throttling via the ensureSize function. An attacker can cause excessive memory allocation by supplying a crafted SVG file with extremely large...
Uncontrolled memory allocation via crafted SVG dimensions in @dicebear/converter
Impact: The ensureSize function in @dicebear/converter versions < 9.4.0 read the width and height attributes from the input SVG to determine the output canvas size for rasterization (PNG, JPEG, WebP, AVIF). An attacker who can supply a crafted SVG with extremely large dimensions (e.g. width="999999999")...
PT-2026-25842
DiceBear is an avatar library for designers and developers. Prior to version 9.4.0, the ensureSize function in @dicebear/converter read the width and height attributes from the input SVG to determine the output canvas size for rasterization (PNG, JPEG, WebP, AVIF). An attacker who can supply a...
CVE-2025-69204
A flaw was found in ImageMagick, a free and open-source software used for editing and manipulating digital images. A remote attacker can exploit this vulnerability by providing a specially crafted SVG (Scalable Vector Graphics) image. An integer overflow occurs in the WriteSVGImage function when...
Integer Overflow or Wraparound
Overview: Magick.NET-Q16-AnyCPU is a Magick.NET package that lets you use ImageMagick without having to install ImageMagick on your server or desktop. For more information about specific builds, see the official docs: https://github.com/dlemstra/Magick.NET/tree/main/docs. Affected versions of this package are...
Integer Overflow or Wraparound
Overview: Magick.NET-Q16-x86 is a Magick.NET package that lets you use ImageMagick without having to install ImageMagick on your server or desktop. For more information about specific builds, see the official docs: https://github.com/dlemstra/Magick.NET/tree/main/docs. Affected versions of this package are...
CVE-2024-22641
TCPDF version 6.6.5 and before is vulnerable to ReDoS (Regular Expression Denial of Service) if parsing an untrusted SVG file...
MGASA-2024-0361 Updated php-tcpdf packages fix security vulnerability
TCPDF version 6.6.5 and before is vulnerable to ReDoS (Regular Expression Denial of Service) if parsing an untrusted SVG file. CVE-2024-22641...
PT-2024-19517 · Tcpdf +1
Name of the Vulnerable Software and Affected Versions: TCPDF versions 6.6.5 and earlier. Description: The issue arises when parsing an untrusted SVG file, leading to a ReDoS (Regular Expression Denial of Service) condition. This occurs due to the inefficient handling of regular expressions within th...
External XML entity (XXE) vulnerability in svg_optimizer rubygem
An issue in Fnando svg_optimizer v.0.2.6 allows a remote attacker to escalate privileges when optimizing untrusted SVG content...
CVE-2022-42890
A flaw was found in Batik of Apache XML Graphics. This issue may allow a malicious user to run Java code from untrusted SVG via JavaScript...
CVE-2022-42890
A vulnerability in Batik of Apache XML Graphics allows an attacker to run Java code from untrusted SVG via JavaScript. This issue affects Apache XML Graphics prior to 1.16. Users are recommended to upgrade to version 1.16...