PlutoSVG commit 336c02997277a1888e6ccbbbe674551a0582e5c4 and before was discovered to contain an integer overflow via the component plutosvg_load_from_memory.
9.8CVSS
9.6AI Score
0.001EPSS
lunasvg v2.3.9 was discovered to contain a stack-overflow at lunasvg/source/element.h.
5.5CVSS
7.2AI Score
0.0004EPSS