Uncontrolled memory allocation via crafted SVG dimensions in @dicebear/converter

Impact The ensureSize function in @dicebear/converter versions 9.4.0 read the width and height attributes from the input SVG to determine the output canvas size for rasterization PNG, JPEG, WebP, AVIF. An attacker who can supply a crafted SVG with extremely large dimensions e.g. width="999999999"...

Linux Distros Unpatched Vulnerability : CVE-2021-37136

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - The Bzip2 decompression decoder function doesn't allow setting size restrictions on the decompressed output data which affects the allocation size used during...