@sunwithmoon
Created December 11, 2023 09:10
CVE-2023-44709
[CVE ID]
CVE-2023-44709
[NAME OF AFFECTED PRODUCT(S)]
PlutoSVG (https://github.com/sammycage/plutosvg)
[AFFECTED AND/OR FIXED VERSION(S)]
PlutoSVG (commit 336c02997277a1888e6ccbbbe674551a0582e5c4 and before)
[PROBLEM TYPE]
Integer Overflow
[DESCRIPTION]
An integer overflow in the computation of an allocation size exists in PlutoSVG (commit 336c02997277a1888e6ccbbbe674551a0582e5c4 and before), reachable via the plutosvg_load_from_memory function in plutosvg.c. The resulting undersized allocation might lead to a heap overflow and arbitrary code execution.
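The bug class described above, shown as an added example that is not PlutoSVG's code: an allocation size computed from untrusted dimensions in 32-bit arithmetic, next to a checked version that refuses sizes it cannot represent. The advisory does not say which computation overflows, so the function names, the 4-bytes-per-pixel layout and the dimension cap are assumptions made for this illustration.

```c
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>

#define BYTES_PER_PIXEL 4u     /* assumption: 32-bit ARGB pixels */
#define MAX_DIMENSION   16384  /* assumption: policy cap picked for this example */

/* Unchecked pattern: the product is evaluated modulo 2^32, so large
 * dimensions wrap to a small byte count and later pixel writes run past
 * the end of the undersized buffer. */
static uint32_t unchecked_size(uint32_t width, uint32_t height)
{
    return width * height * BYTES_PER_PIXEL;
}

/* Checked pattern: reject non-positive or oversized dimensions, then test
 * each multiplication against SIZE_MAX before performing it.
 * Returns 0 and stores the byte count in *out, or -1 on rejection. */
static int checked_size(long width, long height, size_t *out)
{
    if (width <= 0 || height <= 0 || width > MAX_DIMENSION || height > MAX_DIMENSION)
        return -1;
    size_t w = (size_t)width, h = (size_t)height;
    if (w > SIZE_MAX / BYTES_PER_PIXEL)
        return -1;
    size_t stride = w * BYTES_PER_PIXEL;
    if (h > SIZE_MAX / stride)
        return -1;
    *out = stride * h;
    return 0;
}

/* Allocate a zeroed pixel buffer only when the size was computed exactly. */
static unsigned char *alloc_surface(long width, long height)
{
    size_t size;
    if (checked_size(width, height, &size) != 0)
        return NULL;
    return calloc(1, size);
}

int main(void)
{
    /* Constructed dimensions whose true size is 2^32 + 131072 bytes. */
    printf("unchecked: %u bytes\n", (unsigned)unchecked_size(32768, 32769));
    printf("checked:   %s\n", alloc_surface(32768, 32769) ? "allocated" : "rejected");
    return 0;
}
```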