25 matches found

AstraLinux
added 2026/06/19 11:10 a.m. · 3 views

Astra Linux – Vulnerability in Batik

A vulnerability in Batik of Apache XML Graphics allows an attacker to execute Java code from untrusted SVG via JavaScript. This issue affects Apache XML Graphics versions prior to 1.16. Users are recommended to upgrade to version 1.16...

CVSS 7.5 · AI score 7.2 · EPSS 0.0232
Exploits 0 · References 1

RedhatCVE
added 2026/03/26 3:03 p.m. · 4 views

CVE-2026-29112

DiceBear is an avatar library for designers and developers. Prior to version 9.4.0, the ensureSize function in @dicebear/converter read the width and height attributes from the input SVG to determine the output canvas size for rasterization (PNG, JPEG, WebP, AVIF). An attacker who can supply a...

CVSS 7.5 · AI score 5.8 · EPSS 0.00346
Exploits 0 · References 1

NVD
added 2026/03/18 4:17 a.m. · 4 views

CVE-2026-29112

DiceBear is an avatar library for designers and developers. Prior to version 9.4.0, the ensureSize function in @dicebear/converter read the width and height attributes from the input SVG to determine the output canvas size for rasterization (PNG, JPEG, WebP, AVIF). An attacker who can supply a...

CVSS 7.5 · EPSS 0.00346
Exploits 0 · References 3

CVE
added 2026/03/18 2:19 a.m. · 19 views

CVE-2026-29112

The CVE affects @dicebear/converter in DiceBear, where the legacy ensureSize() reads width/height from the input SVG to size the output canvas. An attacker supplying a crafted SVG with extremely large dimensions (e.g., width="999999999") could trigger uncontrolled memory allocation on the server, caus...

CVSS 7.5 · AI score 5.8 · EPSS 0.00346
Exploits 0 · References 3 · Affected Software 1

Snyk
added 2026/03/16 4:15 p.m. · 4 views

Allocation of Resources Without Limits or Throttling

Overview: @dicebear/converter is an SVG converter for DiceBear. Affected versions of this package are vulnerable to Allocation of Resources Without Limits or Throttling via the ensureSize function. An attacker can cause excessive memory allocation by supplying a crafted SVG file with extremely large...

CVSS 8.7 · AI score 5.8 · EPSS 0.00346
Exploits 0 · References 2

Github Security Blog
added 2026/03/16 4:15 p.m. · 11 views

Uncontrolled memory allocation via crafted SVG dimensions in @dicebear/converter

Impact: The ensureSize function in @dicebear/converter versions < 9.4.0 read the width and height attributes from the input SVG to determine the output canvas size for rasterization (PNG, JPEG, WebP, AVIF). An attacker who can supply a crafted SVG with extremely large dimensions (e.g. width="999999999")...

CVSS 7.5 · AI score 5.8 · EPSS 0.00346
Exploits 0 · References 5 · Affected Software 1

Positive Technologies
added 2026/03/16 12:00 a.m. · 18 views

PT-2026-25842

DiceBear is an avatar library for designers and developers. Prior to version 9.4.0, the ensureSize function in @dicebear/converter read the width and height attributes from the input SVG to determine the output canvas size for rasterization (PNG, JPEG, WebP, AVIF). An attacker who can supply a...

CVSS 7.5 · AI score 5.8 · EPSS 0.00346
Exploits 0 · References 8

RedhatCVE
added 2026/01/01 12:05 p.m. · 5 views

CVE-2025-69204

A flaw was found in ImageMagick, a free and open-source software used for editing and manipulating digital images. A remote attacker can exploit this vulnerability by providing a specially crafted SVG (Scalable Vector Graphics) image. An integer overflow occurs in the WriteSVGImage function when...

CVSS 7.5 · AI score 6.9 · EPSS 0.00524
Exploits 1 · References 5

Snyk
added 2025/12/30 4:56 p.m. · 4 views

Integer Overflow or Wraparound

Overview: Magick.NET-Q16-AnyCPU is a Magick.NET build that lets you use ImageMagick without having to install ImageMagick on your server or desktop. For more information about specific builds, see the official docs (https://github.com/dlemstra/Magick.NET/tree/main/docs). Affected versions of this package are...

CVSS 7.5 · AI score 7 · EPSS 0.00524
Exploits 1 · References 2

Snyk
added 2025/12/30 4:56 p.m. · 5 views

Integer Overflow or Wraparound

Overview: Magick.NET-Q16-x86 is a Magick.NET build that lets you use ImageMagick without having to install ImageMagick on your server or desktop. For more information about specific builds, see the official docs (https://github.com/dlemstra/Magick.NET/tree/main/docs). Affected versions of this package are...

CVSS 7.5 · AI score 7 · EPSS 0.00524
Exploits 1 · References 2

RedhatCVE
added 2025/02/14 1:50 a.m. · 12 views

CVE-2024-22641

TCPDF version 6.6.5 and before is vulnerable to ReDoS (Regular Expression Denial of Service) if parsing an untrusted SVG file...

CVSS 7.5 · AI score 6.6 · EPSS 0.01113
Exploits 1 · References 1

OSV
added 2024/11/12 7:53 p.m. · 10 views

MGASA-2024-0361 Updated php-tcpdf packages fix security vulnerability

TCPDF version 6.6.5 and before is vulnerable to ReDoS (Regular Expression Denial of Service) if parsing an untrusted SVG file. (CVE-2024-22641)...

CVSS 7.5 · AI score 6.6 · EPSS 0.01113
Exploits 1 · References 3

NVD
added 2024/05/28 9:16 p.m. · 13 views

CVE-2024-22641

TCPDF version 6.6.5 and before is vulnerable to ReDoS (Regular Expression Denial of Service) if parsing an untrusted SVG file...

CVSS 7.5 · AI score 6.5 · EPSS 0.01113
Exploits 1 · References 2

Vulnrichment
added 2024/05/28 8:17 p.m. · 17 views

CVE-2024-22641

TCPDF version 6.6.5 and before is vulnerable to ReDoS (Regular Expression Denial of Service) if parsing an untrusted SVG file...

AI score 7.1 · EPSS 0.01113
Exploits 1 · References 1

Cvelist
added 2024/05/28 8:17 p.m. · 34 views

CVE-2024-22641

TCPDF version 6.6.5 and before is vulnerable to ReDoS (Regular Expression Denial of Service) if parsing an untrusted SVG file...

AI score 6.4 · EPSS 0.01113
Exploits 1 · References 1

Positive Technologies
added 2024/05/28 12:00 a.m. · 7 views

PT-2024-19517 · Tcpdf +1

Name of the Vulnerable Software and Affected Versions: TCPDF versions 6.6.5 and earlier. Description: The issue arises when parsing an untrusted SVG file, leading to a ReDoS (Regular Expression Denial of Service) condition. This occurs due to the inefficient handling of regular expressions within th...

CVSS 7.5 · AI score 6.8 · EPSS 0.01325
Exploits 3 · References 27

RubySec
added 2023/10/19 12:00 a.m. · 19 views

External XML entity (XXE) vulnerability in svg_optimizer rubygem

An issue in Fnando svgoptimizer v.0.2.6 allows a remote attacker to escalate privileges when optimizing untrusted SVG content...

AI score 6.9 · EPSS 0.0142
Exploits 0 · References 1 · Affected Software 1

RedhatCVE
added 2023/03/27 7:43 p.m. · 33 views

CVE-2022-42890

A flaw was found in Batik of Apache XML Graphics. This issue may allow a malicious user to run Java code from untrusted SVG via JavaScript...

CVSS 7.5 · AI score 7.4 · EPSS 0.0232
Exploits 0 · References 3

NVD
added 2022/10/25 5:15 p.m. · 27 views

CVE-2022-42890

A vulnerability in Batik of Apache XML Graphics allows an attacker to run Java code from untrusted SVG via JavaScript. This issue affects Apache XML Graphics prior to 1.16. Users are recommended to upgrade to version 1.16...

CVSS 7.5 · EPSS 0.0232
Exploits 0 · References 5

OSV
added 2022/10/25 5:15 p.m. · 33 views

CVE-2022-42890

A vulnerability in Batik of Apache XML Graphics allows an attacker to run Java code from untrusted SVG via JavaScript. This issue affects Apache XML Graphics prior to 1.16. Users are recommended to upgrade to version 1.16...

CVSS 7.5 · AI score 7.8
Exploits 0 · References 5