Lucene search
PRIOn knowledge basePRION:CVE-2023-50251HistoryDec 12, 2023 - 9:15 p.m.
Design/Logic Flaw
2023-12-1221:15:00
PRIOn knowledge base
www.prio-n.com
9
security vulnerability
php-svg-lib
svg file parsing
infinite recursion
resource exhaustion
attack pattern
patch
version 0.5.1
php-svg-lib is an SVG file parsing / rendering library. Prior to version 0.5.1, when parsing the attributes passed to a use tag inside an svg document, an attacker can cause the system to go to an infinite recursion. Depending on the system configuration and attack pattern this could exhaust the memory available to the executing process and/or to the server itself. An attacker sending multiple request to a system to render the above payload can potentially cause resource exhaustion to the point that the system is unable to handle incoming request. Version 0.5.1 contains a patch for this issue.
| CPE | Name | Operator | Version |
|---|---|---|---|
| php-svg-lib | lt | 0.5.1 |
Related
github
github
Denial of service caused by infinite recursion when parsing SVG document
2023-12-13 13:32:21
debiancve
debiancve
CVE-2023-50251
2023-12-12 21:15:08
veracode
veracode
Denial Of Service (DoS)
2023-12-13 05:34:09
osv
osv
Denial of service caused by infinite recursion when parsing SVG document
2023-12-13 13:32:21
CVE-2023-50251
2023-12-12 21:15:08
php-dompdf-svg-lib - security update
2024-03-20 00:00:00
cve
cve
CVE-2023-50251
2023-12-12 21:15:08
nvd
nvd
CVE-2023-50251
2023-12-12 21:15:08
cvelist
cvelist
nessus
nessus
Debian dsa-5642 : php-dompdf-svg-lib - security update
2024-03-20 00:00:00
openvas
openvas
Debian: Security Advisory (DSA-5642-1)
2024-03-21 00:00:00
debian
debian
[SECURITY] [DSA 5642-1] php-dompdf-svg-lib security update
2024-03-20 19:11:38