lunasvg v2.3.9 was discovered to contain a segmentation violation via the component composition_solid_source_over.
The vulnerability is triggered by the composition_solid_source_over component responsible for graphics composition operations when rendering SVG files. Improper input data processing causes a segmentation fault, which means access to an unauthorized memory area. The error can potentially be triggered by providing a specially crafted SVG file, which corresponds to the CWE-653 class (insufficient isolation or compartmentalization of sensitive components).
An attacker can cause unauthorized read and write access to process memory, potentially enabling remote code execution (RCE), privilege escalation, or application crash. A high CVSS score (9.8) indicates the possibility of violating system confidentiality, integrity, and availability without any authorization.
Patches available from the vendor should be applied according to references. It is recommended to monitor the LunaSVG project repository for the release of a patched version and to avoid processing untrusted SVG files using the vulnerable version of the library.
Sammycage LunaSVG version 2.3.9
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:HSammycage Lunasvg
APPSammycage2.3.9
Related vulnerabilities
lunasvg v3.0.0 was discovered to contain a allocation-size-too-big bug via the component plutovg_surface_creat...
lunasvg v2.3.9 was discovered to contain a stack-buffer-underflow at lunasvg/source/layoutcontext.cpp.
lunasvg v3.0.1 was discovered to contain a segmentation violation via the component gray_find_cell
lunasvg v3.0.0 was discovered to contain a segmentation violation via the component plutovg_blend.
lunasvg v3.0.0 was discovered to contain a segmentation violation via the component blend_transformed_tiled_ar...