Segmentation Violation in LunaSVG Version 3.0.0 from SammyCage
CVE-2024-57719

6.5MEDIUM

Key Information:

Vendor: SammyCage
Status: LunaSVG
Vendor: CVE Published:; 23 January 2025

Summary

A segmentation violation was identified in LunaSVG version 3.0.0, occurring in the blend_transformed_tiled_argb.isra.0 component. This issue could potentially allow an attacker to exploit this vulnerability for unintended behaviors in applications utilizing this library, necessitating immediate attention and remediation.

References

https://github.com/keepinggg/poc/blob/main/poc_of_lunasvg...

https://github.com/sammycage/lunasvg/issues/209

CVSS V3.1

Score:

6.5

Severity:

MEDIUM

Confidentiality:

None

Integrity:

None

Availability:

None

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

Required

Scope:

Unchanged

Timeline

Vulnerability published
Jan 23, 2025