Php-svg-lib Security Vulnerabilities and Issues — Php-svg-lib CVE List

Lucene search

DompdfPhp-svg-lib

3 matches found

CVE•added 2024/02/21 5:15 p.m.•133 views

CVE-2024-25117

php-svg-lib is a scalable vector graphics (SVG) file parsing/rendering library. Prior to version 0.5.2, php-svg-lib fails to validate that font-family doesn't contain a PHAR url, which might leads to RCE on PHP < 8.0, and doesn't validate if external references are allowed. This might leads to b...

9.8CVSS7AI score0.00254EPSS

CVE•added 2023/12/12 9:15 p.m.•38 views

CVE-2023-50251

php-svg-lib is an SVG file parsing / rendering library. Prior to version 0.5.1, when parsing the attributes passed to a use tag inside an svg document, an attacker can cause the system to go to an infinite recursion. Depending on the system configuration and attack pattern this could exhaust the me...

7.5CVSS6.2AI score0.00163EPSS

CVE•added 2023/12/12 9:15 p.m.•32 views

CVE-2023-50252

php-svg-lib is an SVG file parsing / rendering library. Prior to version 0.5.1, when handling <use> tag that references an <image> tag, it merges the attributes from the <use> tag to the <image> tag. The problem pops up especially when the href attribute from the <use>...

9.8CVSS9AI score0.09046EPSS