lunasvg
cpe:2.3:a:sammycage:lunasvg:*:*:*:*:*:*:*
- 3.0.0
A segmentation fault vulnerability has been identified in lunasvg version 3.0.0. The issue arises in the component plutovg_blend, where improper handling of memory access leads to a crash. This vulnerability can be triggered by specific SVG input that causes the application to attempt to read from an invalid memory address, resulting in a segmentation violation.
Exploitation of this vulnerability causes a segmentation fault, leading to a crash of the application.
The vulnerability can be reproduced using the lunasvg command-line tool 'svg2png' version 3.0.0. After compiling lunasvg with AddressSanitizer enabled, run the tool on a crafted SVG file that triggers the segmentation fault. AddressSanitizer reports the segmentation fault, confirming that the vulnerability has been triggered.