CVSS3: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:H/A:L

Metric | Value |
---|---|
Attack Vector | NETWORK |
Attack Complexity | LOW |
Privileges Required | NONE |
User Interaction | NONE |
Scope | CHANGED |
Confidentiality Impact | LOW |
Integrity Impact | HIGH |
Availability Impact | LOW |

AI Score
Confidence: High
EPSS
Percentile: 38.6%
When CairoSVG processes an SVG file, it can make requests to an internal host and to different external hosts.
When CairoSVG processes an SVG file, it can send requests to external hosts and, after a successful TCP handshake, wait for a response from the external server. This causes the server to hang.
It seems this bug can affect websites or servers and cause a complete freeze when this PoC file is uploaded to the server.
A specially crafted SVG file that opens /proc/self/fd/1 or /dev/stdin causes a hang, even with a tiny PoC file. Remote attackers could leverage this vulnerability to cause a denial of service via a crafted SVG file.
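A pre-render check for the behaviour described above, added here as an example and not taken from CairoSVG or the advisory: it lists every reference in an uploaded SVG that points outside the document (remote URLs, local paths such as /dev/stdin) so the file can be rejected before it reaches the renderer. The function names, the UTF-8 assumption and the sample SVG are constructed for illustration.

```python
import re
import xml.etree.ElementTree as ET

XLINK_HREF = "{http://www.w3.org/1999/xlink}href"
URL_FUNC = re.compile(r"url\(\s*['\"]?([^'\")]+)['\"]?\s*\)")

# Constructed sample upload: three references leave the document, two stay inside it.
SAMPLE = b"""<svg xmlns="http://www.w3.org/2000/svg"
     xmlns:xlink="http://www.w3.org/1999/xlink">
  <image href="http://internal.example/a.png"/>
  <use xlink:href="/dev/stdin"/>
  <rect fill="url(#grad)" style="filter:url('https://cdn.example/f.svg#blur')"/>
  <use href="#shape"/>
</svg>"""


def is_local(ref):
    """Same-document fragments and inline data: URIs need no file or network access."""
    ref = ref.strip().lower()
    return ref == "" or ref.startswith("#") or ref.startswith("data:")


def external_refs(svg_bytes):
    """Return (element, reference) pairs that point outside the SVG itself."""
    # Coarse guard (assumes UTF-8 uploads): refuse DTDs so entities cannot hide a URL.
    if b"\x00" in svg_bytes or b"<!DOCTYPE" in svg_bytes or b"<!ENTITY" in svg_bytes:
        raise ValueError("DOCTYPE/ENTITY declarations are not accepted")
    found = []
    for el in ET.fromstring(svg_bytes).iter():
        tag = el.tag.rsplit("}", 1)[-1]  # drop the XML namespace prefix
        refs = []
        for name, value in el.attrib.items():
            if name in ("href", XLINK_HREF):
                refs.append(value)
            else:  # fill="url(...)", style="...url(...)" and similar
                refs.extend(URL_FUNC.findall(value))
        if tag == "style" and el.text:  # embedded CSS
            refs.extend(URL_FUNC.findall(el.text))
        found.extend((tag, r.strip()) for r in refs if not is_local(r))
    return found


if __name__ == "__main__":
    for tag, ref in external_refs(SAMPLE):
        print(f"reject upload: <{tag}> references {ref}")
```

An empty result means the file only refers to itself; anything else is a reason to reject the upload or render it with resource fetching disabled.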
Vendor | Product | Version | CPE |
---|---|---|---|
pypi | ml-scanner | * | cpe:2.3:a:pypi:ml-scanner:*:*:*:*:*:pypi:*:* |
github.com/advisories/GHSA-rwmf-w63j-p7gv
github.com/Kozea/CairoSVG
github.com/Kozea/CairoSVG/commit/12d31c653c0254fa9d9853f66b04ea46e7397255
github.com/Kozea/CairoSVG/commit/33007d4af9195e2bfb2ff9af064c4c2d8e4b2b53
github.com/Kozea/CairoSVG/releases/tag/2.7.0
github.com/Kozea/CairoSVG/security/advisories/GHSA-rwmf-w63j-p7gv
github.com/pypa/advisory-database/tree/main/vulns/cairosvg/PYSEC-2023-9.yaml
nvd.nist.gov/vuln/detail/CVE-2023-27586