VYPR

Packagist (Composer) package

phenx/php-svg-lib

pkg:composer/phenx/php-svg-lib

Vulnerabilities (2)

  • CVE-2024-25117MedFeb 21, 2024
    affected < 0.5.2fixed 0.5.2

    php-svg-lib is a scalable vector graphics (SVG) file parsing/rendering library. Prior to version 0.5.2, php-svg-lib fails to validate that font-family doesn't contain a PHAR url, which might leads to RCE on PHP < 8.0, and doesn't validate if external references are allowed. This

  • CVE-2023-50251MedDec 12, 2023
    affected < 0.5.1fixed 0.5.1

    php-svg-lib is an SVG file parsing / rendering library. Prior to version 0.5.1, when parsing the attributes passed to a `use` tag inside an svg document, an attacker can cause the system to go to an infinite recursion. Depending on the system configuration and attack pattern this