phenx/php-svg-lib is vulnerable to Arbitrary Code Execution. The vulnerability due to lack of validation of the font-family attribute. An attacker can parse a Scalable Vector Graphics (SVG) containing a PHAR url within the the font family attribute, potentially leading to arbitrary code execution.
CPE | Name | Operator | Version |
---|---|---|---|
phenx/php-svg-lib | le | 0.5.1 | |
phenx/php-svg-lib | le | 0.5.1 |