CVE-2026-33418 @dicebear/converter ensureSize() Vulnerable to SVG Dimension Capping Bypass via XML Comment Injection
DiceBear is an avatar library for designers and developers. Prior to version 9.4.2, the ensureSize function in @dicebear/converter used a regex-based approach to rewrite SVG width/height attributes, capping them at 2048px to prevent denial of service. This size capping could be bypassed by crafti...
CVE-2026-29112 @dicebear/converter vulnerable to uncontrolled memory allocation via crafted SVG dimensions
DiceBear is an avatar library for designers and developers. Prior to version 9.4.0, the ensureSize function in @dicebear/converter read the width and height attributes from the input SVG to determine the output canvas size for rasterization (PNG, JPEG, WebP, AVIF). An attacker who can supply a...
CVE-2026-29112
The CVE affects @dicebear/converter in DiceBear where the legacy ensureSize() reads width/height from input SVG to size the output canvas. An attacker supplying a crafted SVG with extremely large dimensions (e.g., width="999999999") could trigger uncontrolled memory allocation on the server, caus...
GHSA-V3R3-4QGC-VW66 Uncontrolled memory allocation via crafted SVG dimensions in @dicebear/converter
Impact The ensureSize function in @dicebear/converter versions before 9.4.0 read the width and height attributes from the input SVG to determine the output canvas size for rasterization (PNG, JPEG, WebP, AVIF). An attacker who can supply a crafted SVG with extremely large dimensions, e.g. width="999999999"...
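The two advisories above describe the same weak spot from two angles: first, trusting the SVG's own width/height to size a raster canvas (CVE-2026-29112), then capping those attributes with a regex that can be sidestepped by an XML comment (CVE-2026-33418). The following is an added illustration written for this page, not DiceBear's code, and the advisory's exact bypass is truncated here, so the payload below shows one hypothetical way a first-match regex can be fooled: a decoy width/height inside a comment placed before the real root element. All function names (capSizeWithRegex, rootSvgDimensions, canvasBytes, ensureSizeStrict) and the constructed SVG inputs are assumptions for the demo; the 2048 cap and the width="999999999" figure come from the advisories.

```javascript
// Added example, not @dicebear/converter's implementation. Function names
// and sample SVGs are constructed for illustration.

const MAX_DIM = 2048;        // cap mentioned in the advisory
const BYTES_PER_PIXEL = 4;   // RGBA canvas, one byte per channel

// Naive mitigation: rewrite the first width="..." and height="..." found
// anywhere in the document. Without the g flag only the first match is
// touched, and the regex has no notion of comments or element structure.
function capSizeWithRegex(svg) {
  return svg
    .replace(/width="(\d+)"/, (_, v) => `width="${Math.min(Number(v), MAX_DIM)}"`)
    .replace(/height="(\d+)"/, (_, v) => `height="${Math.min(Number(v), MAX_DIM)}"`);
}

// What an XML-aware rasterizer actually uses: the attributes of the root
// <svg> start tag, with comments ignored. This is a small demo tokenizer,
// not a full XML parser; in production read the attributes from the same
// DOM the rasterizer builds so both sides see identical values.
function rootSvgDimensions(svg) {
  const noComments = svg.replace(/<!--[\s\S]*?-->/g, '');
  const root = /<svg\b([^>]*)>/i.exec(noComments);
  if (!root) throw new Error('no <svg> root element');
  const attrs = {};
  const attrRe = /([\w:-]+)\s*=\s*"([^"]*)"/g;
  let m;
  while ((m = attrRe.exec(root[1])) !== null) attrs[m[1]] = m[2];
  return { width: Number(attrs.width), height: Number(attrs.height) };
}

// Memory the rasterizer would have to allocate for the canvas.
function canvasBytes(svg) {
  const { width, height } = rootSvgDimensions(svg);
  return width * height * BYTES_PER_PIXEL;
}

// Stricter approach: validate the root element's dimensions as numbers
// before any allocation, and clamp them to the cap. Non-numeric or
// non-positive values are rejected instead of being passed through.
function ensureSizeStrict(svg) {
  const { width, height } = rootSvgDimensions(svg);
  for (const v of [width, height]) {
    if (!Number.isInteger(v) || v <= 0) {
      throw new Error(`invalid SVG dimension: ${v}`);
    }
  }
  return { width: Math.min(width, MAX_DIM), height: Math.min(height, MAX_DIM) };
}

// Constructed payload: a comment carrying a decoy width/height precedes the
// real root element, so the first-match regex rewrites the decoy and leaves
// the real 999999999 untouched.
const BYPASS_SVG =
  '<!-- width="10" height="10" -->' +
  '<svg xmlns="http://www.w3.org/2000/svg" width="999999999" height="999999999"></svg>';

// Constructed honest input: a large but well-formed avatar.
const HONEST_SVG = '<svg xmlns="http://www.w3.org/2000/svg" width="4096" height="4096"></svg>';

console.log('regex cap, honest input:', rootSvgDimensions(capSizeWithRegex(HONEST_SVG)));
console.log('regex cap, bypass input:', rootSvgDimensions(capSizeWithRegex(BYPASS_SVG)));
console.log('canvas bytes after regex cap on bypass:', canvasBytes(capSizeWithRegex(BYPASS_SVG)));
console.log('strict ensureSize on bypass:', ensureSizeStrict(BYPASS_SVG));
```

The regex version works on the honest input and fails on the decoy, which is the general lesson: a size check must be computed from the same parsed representation the rasterizer will consume, not from a textual rewrite of the input. Whether to clamp (as the advisory's fix does) or to reject oversize input outright is a policy choice; rejecting is usually preferable for a server that rasterizes untrusted SVGs, since a clamped image silently differs from what the caller asked for.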