Vulnerabilities > CVE-2019-1010258 - Out-of-bounds Write vulnerability in Nanosvg Project Nanosvg
Attack vector
NETWORK Attack complexity
LOW Privileges required
NONE Confidentiality impact
NONE Integrity impact
NONE Availability impact
HIGH Summary
nanosvg library nanosvg after commit c1f6e209c16b18b46aa9f45d7e619acf42c29726 is affected by: Buffer Overflow. The impact is: Memory corruption leading to at least DoS. More severe impact vectors need more investigation. The component is: it's part of a svg processing library. function nsvg__parseColorRGB in src/nanosvg.h / line 1227. The attack vector is: It depends library usage. If input is passed from the network, then network connectivity is enough. Most likely an attack will require opening a specially crafted .svg file.
Vulnerable Configurations
| Part | Description | Count |
|---|---|---|
| Application | 1 |
Common Weakness Enumeration (CWE)
References
- https://0day.work/cve-2019-1000032-memory-corruption-in-nanosvg/
- https://0day.work/cve-2019-1000032-memory-corruption-in-nanosvg/
- https://github.com/memononen/nanosvg/
- https://github.com/memononen/nanosvg/
- https://github.com/memononen/nanosvg/issues/136
- https://github.com/memononen/nanosvg/issues/136