VYPR
High severity8.3NVD Advisory· Published Dec 12, 2023· Updated Jun 17, 2026

CVE-2023-50252

CVE-2023-50252

Description

php-svg-lib is an SVG file parsing / rendering library. Prior to version 0.5.1, when handling ` tag that references an tag, it merges the attributes from the tag to the tag. The problem pops up especially when the href attribute from the ` tag has not been sanitized. This can lead to an unsafe file read that can cause PHAR Deserialization vulnerability in PHP prior to version 8. Version 0.5.1 contains a patch for this issue.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected products

2
  • Dompdf/PHP Svg Libllm-fuzzy2 versions
    <0.5.1+ 1 more
    • (no CPE)range: <0.5.1
    • (no CPE)range: < 0.5.1

Patches

Vulnerability mechanics

References

2

News mentions

0

No linked articles in our index yet.