15 matches found
Fedora 43 : imhex / lunasvg (2025-58c0baba42)
The remote Fedora 43 host has packages installed that are affected by multiple vulnerabilities as referenced in the FEDORA-2025-58c0baba42 advisory. - Unbundle plutovg from lunasvg, this avoids shipping a duplicate library with conflicting files. - Update lunasvg to consume the plutovg version...
Fedora 42 : imhex / lunasvg (2025-9b6b49071f)
The remote Fedora 42 host has packages installed that are affected by multiple vulnerabilities as referenced in the FEDORA-2025-9b6b49071f advisory. - Unbundle plutovg from lunasvg, this avoids shipping a duplicate library with conflicting files. - Update lunasvg to consume the plutovg version...
Fedora 44 : imhex / lunasvg (2025-49d2ea998c)
The remote Fedora 44 host has packages installed that are affected by multiple vulnerabilities as referenced in the FEDORA-2025-49d2ea998c advisory. - Unbundle plutovg from lunasvg, this avoids shipping a duplicate library with conflicting files. - Update lunasvg to consume the plutovg version...
PYSEC-2025-131
lunasvg v3.0.0 was discovered to contain a allocation-size-too-big bug via the component plutovgsurfacecreate...
PYSEC-2025-131
lunasvg v3.0.0 was discovered to contain a allocation-size-too-big bug via the component plutovgsurfacecreate...
PYSEC-2025-130
lunasvg v3.0.0 was discovered to contain a segmentation violation via the component plutovgpathaddpath...
PYSEC-2025-129
lunasvg v3.0.0 was discovered to contain a segmentation violation via the component plutovgblend...
PYSEC-2025-129
lunasvg v3.0.0 was discovered to contain a segmentation violation via the component plutovgblend...
Out-of-bounds Write
Overview Affected versions of this package are vulnerable to Out-of-bounds Write due to the plutovgblend component. Remediation A fix was pushed into the master branch but not yet published. References - GitHub Issue - PoC Credit: keepinggg...
Denial of Service (DoS)
Overview Affected versions of this package are vulnerable to Denial of Service DoS via the plutovgsurfacecreate component. An attacker can cause a denial of service by creating a surface with an excessively large size. Details Denial of Service DoS describes a family of attacks, all aimed at maki...
PT-2025-3550 · Lunasvg · Lunasvg
Name of the Vulnerable Software and Affected Versions: lunasvg version 3.0.0 Description: The issue is related to an allocation-size-too-big bug in the plutovg surface create component. This bug can be exploited. Recommendations: For lunasvg version 3.0.0, consider disabling the plutovg surface...
PT-2025-3549 · Lunasvg · Lunasvg
Name of the Vulnerable Software and Affected Versions: lunasvg version 3.0.0 Description: The issue is related to a segmentation violation in the plutovg path add path component. This component is part of the lunasvg software. Recommendations: For lunasvg version 3.0.0, consider restricting acces...
LunaSVG 安全漏洞
LunaSVG is a standalone C SVG rendering library. A security vulnerability exists in LunaSVG that stems from the discovery of a containment allocation size oversize error via the component plutovgsurfacecreate. No detailed vulnerability details are provided at this time...
PT-2025-3548 · Lunasvg · Lunasvg
Name of the Vulnerable Software and Affected Versions: lunasvg version 3.0.0 Description: A segmentation violation was discovered in lunasvg via the plutovg blend component. This issue can be exploited. Recommendations: For lunasvg version 3.0.0, as a temporary workaround, consider disabling the...
CVE-2024-57720
lunasvg v3.0.0 was discovered to contain a segmentation violation via the component plutovgblend...