Allocation Size Issue in lunaSVG Product by lunasvg Vendor
CVE-2024-57722

7.5HIGH

Key Information:

Vendor
lunasvg
Status
lunaSVG
Vendor
CVE Published:
23 January 2025

Summary

A vulnerability has been identified in the lunaSVG product, specifically in versions 3.0.0 and 3.1.0, where an allocation-size-too-big bug was discovered in the component 'plutovg_surface_create'. This flaw can lead to improper memory management and may result in potential application crashes or unexpected behavior. Users of the lunaSVG library are advised to review this issue carefully and implement necessary updates to mitigate potential risks.

References

https://github.com/keepinggg/poc/blob/main/poc_of_lunasvg...
https://github.com/sammycage/lunasvg/issues/209

CVSS V3.1

Score:
7.5
Severity:
HIGH
Confidentiality:
None
Integrity:
None
Availability:
None
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

.