Allocation Size Issue in lunaSVG Product by lunasvg Vendor
CVE-2024-57722

7.5HIGH

Key Information:

Vendor: lunasvg
Status: lunaSVG
Vendor: CVE Published:; 23 January 2025

What is CVE-2024-57722?

A vulnerability has been identified in the lunaSVG product, specifically in versions 3.0.0 and 3.1.0, where an allocation-size-too-big bug was discovered in the component 'plutovg_surface_create'. This flaw can lead to improper memory management and may result in potential application crashes or unexpected behavior. Users of the lunaSVG library are advised to review this issue carefully and implement necessary updates to mitigate potential risks.

References

https://github.com/keepinggg/poc/blob/main/poc_of_lunasvg...

https://github.com/sammycage/lunasvg/issues/209

CVSS V3.1

Score:

7.5

Severity:

HIGH

Confidentiality:

None

Integrity:

None

Availability:

None

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Jan 23, 2025