5 matches found
CVE-2026-33418
DiceBear is an avatar library for designers and developers. Prior to version 9.4.2, the ensureSize function in @dicebear/converter used a regex-based approach to rewrite SVG width/height attributes, capping them at 2048px to prevent denial of service. This size capping could be bypassed by crafti...
DiceBear Security Vulnerability
DiceBear is an open-source random avatar generation library developed by DiceBear. Versions prior to DiceBear 9.4.2 contained security vulnerabilities. These vulnerabilities stemmed from the regular expression-based SVG attribute rewriting logic in the ensureSize function, which could be exploite...
Allocation of Resources Without Limits or Throttling
Overview: @dicebear/converter is an SVG converter for DiceBear. Affected versions of this package are vulnerable to Allocation of Resources Without Limits or Throttling via the ensureSize function. An attacker can cause excessive memory allocation and application crashes by injecting specially craft...
DiceBear Security Vulnerability
DiceBear is an open-source library for generating random avatars. Versions of DiceBear prior to 9.4.0 contained a security vulnerability. This vulnerability stemmed from the ensureSize function, which read the width and height properties from the input SVG to determine the output canvas size. Thi...
Microsoft Internet Explorer 9 - IEFRAME CView::EnsureSize Use-After-Free (MS13-021)
Microsoft Internet Explorer 9 - IEFRAME CView::EnsureSize Use-After-Free MS13-021 var oElement = document.getElementById"ruby"; var oElement = oElement.parentNode.removeChildoElement; document.write""; document.documentElement.offsetTop; setTimeout"location.reload", 100; !-- Time-lin...