CVE-2023-44709
CRITICAL
9,8
Source: [email protected]
Attack Vector: network
Attack Complexity: low
Privileges Required: none
User Interaction: none
Scope: unchanged
Confidentiality: high
Integrity: high
Availability: high
Description
AI Translation Available
PlutoSVG commit 336c02997277a1888e6ccbbbe674551a0582e5c4 and before was discovered to contain an integer overflow via the component plutosvg_load_from_memory.
EPSS (Exploit Prediction Scoring System)
Trend Analysis
EPSS (Exploit Prediction Scoring System)
Prevede la probabilità di sfruttamento basata su intelligence sulle minacce e sulle caratteristiche della vulnerabilità.
EPSS Score
0,0029
Percentile
0,5th
Updated
EPSS Score Trend (Last 90 Days)
190
Integer Overflow or Wraparound
StableCommon Consequences
Security Scopes Affected:
Availability
Integrity
Confidentiality
Access Control
Other
Potential Impacts:
Dos: Crash, Exit, Or Restart
Dos: Resource Consumption (Memory)
Dos: Instability
Modify Memory
Execute Unauthorized Code Or Commands
Bypass Protection Mechanism
Alter Execution Logic
Dos: Resource Consumption (Cpu)
Applicable Platforms
Languages:
C, Not Language-Specific
Application
Plutosvg by Sammycage
CPE Identifier
View Detailed Analysis
cpe:2.3:a:sammycage:plutosvg:-:*:*:*:*:*:*:*
Common Platform Enumeration - Standardized vulnerability identification
https://gist.github.com/sunwithmoon/3f810c27d2e553f9d31bd7c50566f15b#file-cve-2…
https://github.com/sammycage/plutosvg/issues/7
https://gist.github.com/sunwithmoon/3f810c27d2e553f9d31bd7c50566f15b#file-cve-2…
https://github.com/sammycage/plutosvg/issues/7