phenx/php-svg-lib
Packagist
2 known CVEs affecting this package
Aggregated from OSV, GitHub Security Advisories, NVD, and vendor advisories. Each CVE links to its full detail page with vendor advisories, patches, fixed versions, and remediation guidance.
CVEs affecting phenx/php-svg-lib
- CVE-2023-50251 · MEDIUM · CVSS 5.3 · EG 5.3 · ✓ Fixed in 0.5.1 · 2023-12-12
vulnerable: 0.1 ... v0.3.3 (10 versions)
php-svg-lib is an SVG file parsing / rendering library. Prior to version 0.5.1, when parsing the attributes passed to a `use` tag inside an svg document, an attacker can cause the system to go to an infinite recursion. Depending on the sys…
- CVE-2024-25117 · MEDIUM · CVSS 6.8 · EG 6.8 · ✓ Fixed in 0.5.2 · 2024-02-21
vulnerable: 0.1 ... v0.3.3 (11 versions)
php-svg-lib is a scalable vector graphics (SVG) file parsing/rendering library. Prior to version 0.5.2, php-svg-lib fails to validate that font-family doesn't contain a PHAR URL, which might lead to RCE on PHP < 8.0, and doesn't validate …