lunasvg Memory Corruption Vulnerability in Version 3.0.0

A vulnerability has been identified in lunasvg version 3.0.0, related to improper memory allocation handling in the 'plutovg_surface_create' component. This flaw can lead to a memory corruption issue, specifically a segmentation fault, by allowing excessively large allocation requests that exceed the maximum supported size. The vulnerability can be reproduced using the 'svg2png' tool included with lunasvg, which is available on GitHub.

Impact

Exploitation of this vulnerability causes a segmentation fault, leading to a crash of the application.

Reproduction

The vulnerability can be reproduced by using the 'svg2png' command-line tool that comes with lunasvg. After compiling lunasvg with AddressSanitizer enabled, the tool can be run with a specially crafted SVG file that triggers the allocation-size-too-big bug. This SVG file can be found in the 'poc_of_lunasvg_3.1.0' directory on the user's GitHub repository.