Lucene search

Veracode Vulnerability DatabaseVERACODE:44645

HistoryDec 13, 2023 - 5:34 a.m.

Denial Of Service (DoS)

2023-12-1305:34:09

Veracode Vulnerability Database

sca.analysiscenter.veracode.com

denial of service

php-svg-lib

circular references

svg

resource exhaustion

system vulnerability

7.5 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

6.8 Medium

AI Score

Confidence

High

0.0004 Low

EPSS

Percentile

12.6%

JSON

phenx/php-svg-lib is vulnerable to Denial Of Service (DoS). The vulnerability is caused due to a missing validation for circular references reached while parsing the attributes passed to a use tag inside an SVG document. An attacker can craft a malicious SVG file and send multiple request to a system to render the same SVG file that can potentially cause resource exhaustion to the point that the system is unable to handle incoming request leading to Denial Of Service (DoS).

CPENameOperatorVersion
phenx/php-svg-lible0.5.0
phenx/php-svg-lible0.5.0

CPE	Name	Operator	Version
	phenx/php-svg-lib	le	0.5.0
	phenx/php-svg-lib	le	0.5.0

References

github.com/dompdf/php-svg-lib/commit/88163cbe562d9b391b3a352e54d9c89d02d77ee0

github.com/dompdf/php-svg-lib/security/advisories/GHSA-ff5x-7qg5-vwf2

7.5 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

6.8 Medium

AI Score

Confidence

High

0.0004 Low

EPSS

Percentile

12.6%

JSON

Related for VERACODE:44645