CRITICALπŸ‡΅πŸ‡± Wersja polska

CVE-2024-33768

CVSS 9.8v3.1pub. 2024-05-01upd. 2025-04-15

lunasvg v2.3.9 was discovered to contain a segmentation violation via the component composition_solid_source_over.

πŸ€– AI Analysis
How it works

The vulnerability is triggered by the composition_solid_source_over component responsible for graphics composition operations when rendering SVG files. Improper input data processing causes a segmentation fault, which means access to an unauthorized memory area. The error can potentially be triggered by providing a specially crafted SVG file, which corresponds to the CWE-653 class (insufficient isolation or compartmentalization of sensitive components).

Impact

An attacker can cause unauthorized read and write access to process memory, potentially enabling remote code execution (RCE), privilege escalation, or application crash. A high CVSS score (9.8) indicates the possibility of violating system confidentiality, integrity, and availability without any authorization.

Mitigation & patch

Patches available from the vendor should be applied according to references. It is recommended to monitor the LunaSVG project repository for the release of a patched version and to avoid processing untrusted SVG files using the vulnerable version of the library.

Who is affected

Sammycage LunaSVG version 2.3.9

Analysis generated by Claude AI (Anthropic) based on NVD data. Always verify with vendor.
CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
  • Sammycage Lunasvg

    APP
    Sammycage
    2.3.9
πŸ”΅
CHECK WITH VENDOR
No clear patch data available. Check vendor references.
CWE
References

Related vulnerabilities

CVE-2024-57722HIGH7.5ten sam produkt

lunasvg v3.0.0 was discovered to contain a allocation-size-too-big bug via the component plutovg_surface_creat...

CVE-2024-33763HIGH7.5ten sam produkt

lunasvg v2.3.9 was discovered to contain a stack-buffer-underflow at lunasvg/source/layoutcontext.cpp.

CVE-2024-55456MEDIUM6.5ten sam produkt

lunasvg v3.0.1 was discovered to contain a segmentation violation via the component gray_find_cell

CVE-2024-57720MEDIUM6.5ten sam produkt

lunasvg v3.0.0 was discovered to contain a segmentation violation via the component plutovg_blend.

CVE-2024-57719MEDIUM6.5ten sam produkt

lunasvg v3.0.0 was discovered to contain a segmentation violation via the component blend_transformed_tiled_ar...

CVE-2024-33768 β€” Sammycage β€” Lunasvg β€” CRITICAL β€” CVSS 9.8 | CVEbaza.pl