Lucene search
K

39 matches found

Veracode
Veracode
added 2023/12/13 5:34 a.m.13 views

Denial Of Service (DoS)

phenx/php-svg-lib is vulnerable to Denial Of Service DoS. The vulnerability is caused due to a missing validation for circular references reached while parsing the attributes passed to a use tag inside an SVG document. An attacker can craft a malicious SVG file and send multiple request to a syst...

7.5CVSS6.8AI score0.00878EPSS
Exploits1References2Affected Software1
NVD
NVD
added 2023/12/12 9:15 p.m.20 views

CVE-2023-50252

php-svg-lib is an SVG file parsing / rendering library. Prior to version 0.5.1, when handling tag that references an tag, it merges the attributes from the tag to the tag. The problem pops up especially when the href attribute from the tag has not been sanitized. This can lead to an unsafe file...

9.8CVSS0.23903EPSS
Exploits1References2
NVD
NVD
added 2023/12/12 9:15 p.m.23 views

CVE-2023-50251

php-svg-lib is an SVG file parsing / rendering library. Prior to version 0.5.1, when parsing the attributes passed to a use tag inside an svg document, an attacker can cause the system to go to an infinite recursion. Depending on the system configuration and attack pattern this could exhaust the...

7.5CVSS0.00878EPSS
Exploits1References2
OSV
OSV
added 2023/12/12 9:15 p.m.1 views

DEBIAN-CVE-2023-50251

php-svg-lib is an SVG file parsing / rendering library. Prior to version 0.5.1, when parsing the attributes passed to a use tag inside an svg document, an attacker can cause the system to go to an infinite recursion. Depending on the system configuration and attack pattern this could exhaust the...

7.5CVSS7.3AI score0.00878EPSS
Exploits1References1
Prion
Prion
added 2023/12/12 9:15 p.m.18 views

Deserialization of untrusted data

php-svg-lib is an SVG file parsing / rendering library. Prior to version 0.5.1, when handling tag that references an tag, it merges the attributes from the tag to the tag. The problem pops up especially when the href attribute from the tag has not been sanitized. This can lead to an unsafe file...

7.5CVSS7AI score0.23903EPSS
Exploits1References2Affected Software1
Prion
Prion
added 2023/12/12 9:15 p.m.25 views

Design/Logic Flaw

php-svg-lib is an SVG file parsing / rendering library. Prior to version 0.5.1, when parsing the attributes passed to a use tag inside an svg document, an attacker can cause the system to go to an infinite recursion. Depending on the system configuration and attack pattern this could exhaust the...

5CVSS7AI score0.00878EPSS
Exploits1References2Affected Software1
Cvelist
Cvelist
added 2023/12/12 8:39 p.m.21 views

CVE-2023-50252 php-svg-lib unsafe attributes merge when parsing `use` tag

php-svg-lib is an SVG file parsing / rendering library. Prior to version 0.5.1, when handling tag that references an tag, it merges the attributes from the tag to the tag. The problem pops up especially when the href attribute from the tag has not been sanitized. This can lead to an unsafe file...

8.3CVSS9.6AI score0.23903EPSS
Exploits1References2
OSV
OSV
added 2023/12/12 8:39 p.m.20 views

CVE-2023-50252 php-svg-lib unsafe attributes merge when parsing `use` tag

php-svg-lib is an SVG file parsing / rendering library. Prior to version 0.5.1, when handling tag that references an tag, it merges the attributes from the tag to the tag. The problem pops up especially when the href attribute from the tag has not been sanitized. This can lead to an unsafe file...

8.3CVSS9.2AI score0.23903EPSS
Exploits1References4
Cvelist
Cvelist
added 2023/12/12 8:37 p.m.26 views

CVE-2023-50251 php-svg-lib possible DoS caused by infinite recursion when parsing SVG document

php-svg-lib is an SVG file parsing / rendering library. Prior to version 0.5.1, when parsing the attributes passed to a use tag inside an svg document, an attacker can cause the system to go to an infinite recursion. Depending on the system configuration and attack pattern this could exhaust the...

5.3CVSS7.8AI score0.00878EPSS
Exploits1References2
Vulnrichment
Vulnrichment
added 2023/12/12 8:37 p.m.6 views

CVE-2023-50251 php-svg-lib possible DoS caused by infinite recursion when parsing SVG document

php-svg-lib is an SVG file parsing / rendering library. Prior to version 0.5.1, when parsing the attributes passed to a use tag inside an svg document, an attacker can cause the system to go to an infinite recursion. Depending on the system configuration and attack pattern this could exhaust the...

5.3CVSS7.5AI score0.00878EPSS
Exploits1References2
CVE
CVE
added 2023/12/12 8:37 p.m.54 views

CVE-2023-50251

The CVE-2023-50251 issue affects php-svg-lib (prior to v0.5.1), a PHP library for parsing/rendering SVGs. Root cause: parsing the attributes of a use tag can trigger recursive references when an id/link points to the same object, creating an infinite recursion; memory exhaustion can follow, poten...

7.5CVSS6.2AI score0.00878EPSS
Exploits1References2Affected Software1
OSV
OSV
added 2023/12/12 8:37 p.m.27 views

CVE-2023-50251 php-svg-lib possible DoS caused by infinite recursion when parsing SVG document

php-svg-lib is an SVG file parsing / rendering library. Prior to version 0.5.1, when parsing the attributes passed to a use tag inside an svg document, an attacker can cause the system to go to an infinite recursion. Depending on the system configuration and attack pattern this could exhaust the...

5.3CVSS7.5AI score0.00878EPSS
Exploits1References4
CNNVD
CNNVD
added 2023/12/12 12:0 a.m.6 views

php-svg-lib security vulnerability

php-svg-lib is an open source SVG file parsing/rendering library from dompdf. A security vulnerability exists in versions of php-svg-lib prior to 0.5.1, which stems from the fact that parsing attributes passed to the use tag within an svg document may cause the system to enter infinite recursion,...

7.5CVSS6.8AI score0.00878EPSS
Exploits1References4
Veracode
Veracode
added 2023/02/10 7:49 a.m.50 views

Arbitrary Code Execution

dompdf/dompdf is vulnerable to Arbitrary Code Execution. The vulnerability exists in Cache.php due to a lack of validations for SVG files in Dompdf and php-svg-lib, allowing an attacker to parse an arbitrary URL with arbitrary protocols, which can resulting in Arbitrary Code Execution...

10CVSS9AI score0.0249EPSS
Exploits3References2Affected Software2
NVD
NVD
added 2023/02/07 7:15 p.m.37 views

CVE-2023-24813

Dompdf is an HTML to PDF converter written in php. Due to the difference in the attribute parser of Dompdf and php-svg-lib, an attacker can still call arbitrary URLs with arbitrary protocols. Dompdf parses the href attribute of image tags and respects xlink:href even if href is specified. However...

10CVSS9.7AI score0.0249EPSS
Exploits3References2
OSV
OSV
added 2023/02/07 6:16 p.m.49 views

GHSA-56GJ-MVH6-RP75 URI validation failure on SVG parsing. Bypass of CVE-2023-23924

Summary Due to the difference in the attribute parser of Dompdf and php-svg-lib, an attacker can still call arbitrary URLs with arbitrary protocols. Details Dompdf parses the href attribute of image tags with the following code: src/Image/Cache.php line 135-150 php function $parser, $name,...

10CVSS9.5AI score0.0249EPSS
Exploits3References4
Github Security Blog
Github Security Blog
added 2023/02/07 6:16 p.m.56 views

URI validation failure on SVG parsing. Bypass of CVE-2023-23924

Summary Due to the difference in the attribute parser of Dompdf and php-svg-lib, an attacker can still call arbitrary URLs with arbitrary protocols. Details Dompdf parses the href attribute of image tags with the following code: src/Image/Cache.php line 135-150 php function $parser, $name,...

10CVSS9.3AI score0.03572EPSS
Exploits3References4Affected Software1
CVE
CVE
added 2023/02/07 6:5 p.m.143 views

CVE-2023-24813

Dompdf (PHP HTML‑to‑PDF) has two CVEs (CVE-2023-23924 and CVE-2023-24813) related to SVG parsing. The root cause is inconsistent attribute parsing between Dompdf and php-svg-lib: Dompdf considers xlink:href when present, but php-svg-lib also reads href, allowing an empty xlink:href to bypass prot...

10CVSS9.6AI score0.03572EPSS
Exploits3References2Affected Software1
Debian CVE
Debian CVE
added 2023/02/07 6:5 p.m.23 views

CVE-2023-24813

Dompdf is an HTML to PDF converter written in php. Due to the difference in the attribute parser of Dompdf and php-svg-lib, an attacker can still call arbitrary URLs with arbitrary protocols. Dompdf parses the href attribute of image tags and respects xlink:href even if href is specified. However...

10CVSS9.7AI score0.0249EPSS
Exploits3
Rows per page
Query Builder