Allocation Size Issue in lunaSVG Product by lunasvg Vendor
CVE-2024-57722
7.5HIGH
Key Information:
- Vendor
- lunasvg
- Status
- lunaSVG
- Vendor
- CVE Published:
- 23 January 2025
Summary
A vulnerability has been identified in the lunaSVG product, specifically in versions 3.0.0 and 3.1.0, where an allocation-size-too-big bug was discovered in the component 'plutovg_surface_create'. This flaw can lead to improper memory management and may result in potential application crashes or unexpected behavior. Users of the lunaSVG library are advised to review this issue carefully and implement necessary updates to mitigate potential risks.
References
CVSS V3.1
Score:
7.5
Severity:
HIGH
Confidentiality:
None
Integrity:
None
Availability:
None
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
None
Scope:
Unchanged
Timeline
Vulnerability published