CVE-2023-44709

Published: Dec 14, 2023Modified: Nov 21, 2024

9.8

Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Exploitability: 3.9 / Impact: 5.9

Source: NVD

Description

PlutoSVG commit 336c02997277a1888e6ccbbbe674551a0582e5c4 and before was discovered to contain an integer overflow via the component plutosvg_load_from_memory.

Affected (1)

Products: Sammycage: Plutosvg

Sammycage

1 product

Plutosvg

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
Sammycage Plutosvg	All versions

Related CWEs

CWE-190

Integer Overflow or Wraparound

The product performs a calculation that can produce an integer overflow or wraparound when the logic assumes that the resulting value will always be larger than the original value. This occurs when an integer value is incremented to a value that is too large to store in the associated representation. When this occurs, the value may become a very small or negative number.

References (4)

https://gist.github.com/sunwithmoon/3f810c27d2e553f9d31bd7c50566f15b#file-cve-2023-44709

Source: cve@mitre.org

Third Party Advisory

https://github.com/sammycage/plutosvg/issues/7

Source: cve@mitre.org

ExploitIssue Tracking

https://gist.github.com/sunwithmoon/3f810c27d2e553f9d31bd7c50566f15b#file-cve-2023-44709

Source: af854a3a-2127-422b-91ae-364da2661108

Third Party Advisory

https://github.com/sammycage/plutosvg/issues/7

Source: af854a3a-2127-422b-91ae-364da2661108

ExploitIssue Tracking

Timeline

No history available yet.