VYPR
High severity · NVD Advisory · Published Mar 24, 2026 · Updated Mar 24, 2026

@dicebear/converter ensureSize() Vulnerable to SVG Dimension Capping Bypass via XML Comment Injection

CVE-2026-33418

Description

DiceBear is an avatar library for designers and developers. Prior to version 9.4.2, the ensureSize() function in @dicebear/converter used a regex-based approach to rewrite SVG width/height attributes, capping them at 2048px to prevent denial of service. This size capping could be bypassed by crafting SVG input that causes the regex to match a non-functional occurrence of <svg before the actual SVG root element. When the SVG is subsequently rendered via @resvg/resvg-js on the Node.js code path, it renders at the attacker-specified dimensions, potentially causing out-of-memory crashes. In version 9.4.2, the regex-based approach has been replaced with XML-aware processing using fast-xml-parser to correctly identify and modify the SVG root element's attributes. Additionally, a fitTo constraint has been added to the renderAsync call as defense-in-depth, ensuring the rendered output is always bounded regardless of SVG content.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

DiceBear's regex-based SVG dimension capping can be bypassed via crafted input, causing out-of-memory crashes during PNG/JPEG conversion on Node.js.

Vulnerability

Description

DiceBear's @dicebear/converter package (versions prior to 9.4.2) contains a denial-of-service vulnerability in the ensureSize() function. The function attempted to cap SVG width and height attributes at 2048 pixels using a non-global regex with String.prototype.replace(). This regex approach is easily fooled: it matches the first occurrence of <svg in the input, which may be inside an XML comment, a string literal, or another non-element construct rather than the actual root `<svg>` element [1][2].

Exploitation

Attack Surface

An attacker can supply a crafted SVG string containing a decoy <svg tag (for example, embedded in an XML comment) before the real SVG root element. When the regex matches the decoy, the real root element's dimensions remain unchanged. During conversion (e.g., toPng, toJpeg, toWebp or toAvif on the Node.js code path), the SVG is rendered by @resvg/resvg-js via renderAsync without a fitTo constraint [1][2]. Because the rendering engine obeys the attacker-specified dimensions, it may allocate gigabytes of memory, leading to an out-of-memory crash. The browser code path is not affected because it uses the clamped return value from ensureSize() directly for canvas dimensions [2].

Impact

Successful exploitation causes a denial of service through excessive memory consumption. There is no data disclosure or integrity impact; only availability is affected [1][2]. Any application that passes untrusted SVG content to @dicebear/converter's Node.js conversion functions is vulnerable, even outside the DiceBear avatar generation context [2].

Mitigation

Version 9.4.2 eliminates the vulnerability by replacing the regex-based approach with XML-aware parsing using fast-xml-parser to reliably identify and modify the root `<svg>` element's attributes. Additionally, a fitTo constraint has been added to the `renderAsync` call as defense-in-depth, ensuring rendered output is always bounded [1][2].
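As an added example (not DiceBear's own code), the following puts a regex-based clamp of the kind the advisory describes next to an XML-aware replacement that skips comments, CDATA sections and processing instructions before locating the root element. The project's actual fix uses fast-xml-parser; the small scanner here is a stand-in, and the two SVG samples are constructed to show the clamp holding on benign input and on input with a decoy <svg inside a comment.

```javascript
// Added example, not DiceBear's code. Clamp SVG root dimensions two ways and compare.
const MAX_SIZE = 2048;

// Clamp width/height attributes inside one start tag's attribute string.
function clampAttrs(attrs) {
  return attrs.replace(/\b(width|height)="(\d+(?:\.\d+)?)(px)?"/g,
    (m, name, val, unit) => `${name}="${Math.min(Number(val), MAX_SIZE)}${unit || ''}"`);
}

// Regex-based clamp: a non-global regex rewrites only the FIRST "<svg ...>" it sees,
// which may be a decoy inside an XML comment rather than the real root element.
function ensureSizeRegex(svg) {
  return svg.replace(/<svg([^>]*)>/, (m, attrs) => `<svg${clampAttrs(attrs)}>`);
}

// Locate the first real element start tag, skipping comments, CDATA, PIs and
// declarations. Simplification: a DOCTYPE with an internal subset is not handled;
// a real XML parser (as used in the 9.4.2 fix) covers that case.
function findRootTag(svg) {
  let i = 0;
  while (i < svg.length) {
    const lt = svg.indexOf('<', i);
    if (lt < 0) return null;
    const skip = (open, close) => {
      if (!svg.startsWith(open, lt)) return false;
      const e = svg.indexOf(close, lt + open.length);
      i = e < 0 ? svg.length : e + close.length;
      return true;
    };
    if (skip('<!--', '-->') || skip('<![CDATA[', ']]>') || skip('<?', '?>') || skip('<!', '>')) continue;
    const gt = svg.indexOf('>', lt);
    return gt < 0 ? null : { start: lt, end: gt + 1 };
  }
  return null;
}

// XML-aware clamp: only the genuine root element's attributes are rewritten.
function ensureSizeXmlAware(svg) {
  const root = findRootTag(svg);
  if (!root) throw new Error('no root element found');
  const tag = svg.slice(root.start, root.end);
  if (!/^<svg[\s/>]/.test(tag)) throw new Error('root element is not <svg>');
  return svg.slice(0, root.start) + `<svg${clampAttrs(tag.slice(4, -1))}>` + svg.slice(root.end);
}

// Read back the root element's width/height so each variant can be checked.
function rootDimensions(svg) {
  const root = findRootTag(svg);
  const tag = svg.slice(root.start, root.end);
  const get = (n) => { const m = tag.match(new RegExp(`\\b${n}="(\\d+(?:\\.\\d+)?)`)); return m ? Number(m[1]) : null; };
  return { width: get('width'), height: get('height') };
}

// Constructed samples: a plain oversized SVG, and one with a decoy <svg in a comment.
const BENIGN = '<svg xmlns="http://www.w3.org/2000/svg" width="100000" height="100000"><rect width="10" height="10"/></svg>';
const DECOY = '<!-- <svg width="1" height="1"> -->' + BENIGN;
```

Running rootDimensions over the output of each function shows the regex variant clamping BENIGN but leaving DECOY at its original size, while the XML-aware variant clamps both to 2048.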

AI Insight generated on May 18, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.

Affected packages

Versions sourced from the GitHub Security Advisory.

Package                     Affected versions   Patched versions
@dicebear/converter (npm)   < 9.4.2             9.4.2

Affected products

  • Dicebear/Dicebear (no CPE assigned): affected range < 9.4.2
