Primary

Context

lunasvg Segmentation Fault Vulnerability in Version 3.0.0

Vulnerability

A segmentation fault vulnerability has been identified in lunasvg version 3.0.0. This issue arises in the 'blend_transformed_tiled_argb.isra.0' component, where improper handling of memory access leads to a crash. The vulnerability is triggered by a read memory access violation, specifically referencing an address in the zero page, which is not permissible.

Impact

Exploitation of this vulnerability causes a segmentation fault, leading to a crash of the application.

Reproduction

The vulnerability can be reproduced using the 'svg2png' command-line tool included with lunasvg. After compiling lunasvg with AddressSanitizer enabled, the tool can be used to process an SVG file that triggers the vulnerability. This specific file should be referenced in the 'SEGV-blend_transformed_tiled_argb.isra.0' file within the same repository.

Added: Jun 9, 2025, 7:46 PM

Updated: Jun 9, 2025, 7:46 PM

Vulnerability Rating

Custom Algorithm

spread

0.0

impact

2.5

exploitability

6.0

remediation

0.0

relevance

0.0

threat

6.4

urgency

2.9

incentive

0.8

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Vulnerability Rating

Custom Algorithm

spread

0.0

impact

2.5

exploitability

6.0

remediation

0.0

relevance

0.0

threat

6.4

urgency

2.9

incentive

0.8

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

lunasvg Segmentation Fault Vulnerability in Version 3.0.0

Vulnerability

Impact

Reproduction

Affected Products

lunasvg

CVSS Scores

References

Vulnerability Rating

Vulnerability Rating