Lucene search
Veracode Vulnerability DatabaseVERACODE:45600HistoryFeb 22, 2024 - 9:20 a.m.
Arbitrary Code Execution
2024-02-2209:20:32
Veracode Vulnerability Database
sca.analysiscenter.veracode.com
5
arbitrary code execution
vulnerability
validation
scalable vector graphics
phar url
phenx/php-svg-lib is vulnerable to Arbitrary Code Execution. The vulnerability due to lack of validation of the font-family attribute. An attacker can parse a Scalable Vector Graphics (SVG) containing a PHAR url within the the font family attribute, potentially leading to arbitrary code execution.
| CPE | Name | Operator | Version |
|---|---|---|---|
| phenx/php-svg-lib | le | 0.5.1 | |
| phenx/php-svg-lib | le | 0.5.1 |
Related
prion
prion
Design/Logic Flaw
2024-02-21 17:15:00
cve
cve
CVE-2024-25117
2024-02-21 17:15:09
cvelist
cvelist
debiancve
debiancve
CVE-2024-25117
2024-02-21 17:15:09
github
github
php-svg-lib lacks path validation on font through SVG inline styles
2024-02-21 18:04:16
osv
osv
CVE-2024-25117
2024-02-21 17:15:09
php-svg-lib lacks path validation on font through SVG inline styles
2024-02-21 18:04:16
php-dompdf-svg-lib - security update
2024-03-20 00:00:00
nessus
nessus
Debian dsa-5642 : php-dompdf-svg-lib - security update
2024-03-20 00:00:00
openvas
openvas
Debian: Security Advisory (DSA-5642-1)
2024-03-21 00:00:00
debian
debian
[SECURITY] [DSA 5642-1] php-dompdf-svg-lib security update
2024-03-20 19:11:38