lunasvg
cpe:2.3:a:sammycage:lunasvg:*:*:*:*:*:*:*
- 3.0.0
A segmentation fault vulnerability has been identified in lunasvg version 3.0.0. This issue arises in the gray_record_cell component, where improper handling of memory access leads to a crash. The vulnerability can be reproduced using the 'svg2png' command-line tool included with lunasvg, which is available on GitHub.
Exploitation of this vulnerability causes a segmentation fault, leading to a crash of the application.
The vulnerability can be reproduced with the 'svg2png' tool from lunasvg version 3.0.0. After compiling lunasvg with AddressSanitizer enabled, run the tool on a specially crafted SVG file that triggers the segmentation fault. The crafted SVG file is referenced as the 'SEGV-gray_record_cell' sample, available in the 'poc_of_lunasvg_3.1.0' directory of the 'keepinggg' GitHub repository.