VYPR

PHP Svg Lib

by Dompdf

Source repositories

CVEs (3)

  • CVE-2024-25117MedFeb 21, 2024
    risk 0.37cvss 6.8epss 0.01

    php-svg-lib is a scalable vector graphics (SVG) file parsing/rendering library. Prior to version 0.5.2, php-svg-lib fails to validate that font-family doesn't contain a PHAR url, which might leads to RCE on PHP < 8.0, and doesn't validate if external references are allowed. This…

  • CVE-2023-50251MedDec 12, 2023
    risk 0.28cvss 5.3epss 0.01

    php-svg-lib is an SVG file parsing / rendering library. Prior to version 0.5.1, when parsing the attributes passed to a `use` tag inside an svg document, an attacker can cause the system to go to an infinite recursion. Depending on the system configuration and attack pattern…

  • CVE-2023-50252HigDec 12, 2023
    risk 0.02cvss 8.3epss 0.24

    php-svg-lib is an SVG file parsing / rendering library. Prior to version 0.5.1, when handling `` tag that references an `` tag, it merges the attributes from the `` tag to the `` tag. The problem pops up especially when the `href` attribute from the…