CVE-2019-1010258 - Vulnerability Details - OpenCVE

nanosvg library nanosvg after commit c1f6e209c16b18b46aa9f45d7e619acf42c29726 is affected by: Buffer Overflow. The impact is: Memory corruption leading to at least DoS. More severe impact vectors need more investigation. The component is: it's part of a svg processing library. function nsvg__parseColorRGB in src/nanosvg.h / line 1227. The attack vector is: It depends library usage. If input is passed from the network, then network connectivity is enough. Most likely an attack will require opening a specially crafted .svg file.

No CVSS v4.0

No CVSS v3.1

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact None

Integrity Impact None

Availability Impact High

User Interaction Required

Access Vector Network

Access Complexity Medium

Authentication None

Confidentiality Impact None

Integrity Impact None

Availability Impact Partial

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Nanosvg Project	Nanosvg

Configuration 1 [-]

cpe:2.3:a:nanosvg_project:nanosvg:-:*:*:*:*:*:*:*

No data.

References

Link	Providers
https://0day.work/cve-2019-1000032-memory-corruption-in-nanosvg/
https://github.com/memononen/nanosvg/
https://github.com/memononen/nanosvg/issues/136

History

No history.

MITRE

Status: PUBLISHED

Assigner: dwf

Published: 2019-05-15T17:24:40

Updated: 2024-08-05T03:07:18.493Z

Reserved: 2019-03-20T00:00:00

Link: CVE-2019-1010258

Vulnrichment

No data.

NVD

Status : Modified

Published: 2019-05-15T18:29:00.263

Modified: 2024-11-21T04:18:06.227

Link: CVE-2019-1010258

Redhat

No data.

{"containers": {"cna": {"affected": [{"product": "nanosvg", "vendor": "nanosvg library", "versions": [{"status": "affected", "version": "after commit c1f6e209c16b18b46aa9f45d7e619acf42c29726"}]}], "descriptions": [{"lang": "en", "value": "nanosvg library nanosvg after commit c1f6e209c16b18b46aa9f45d7e619acf42c29726 is affected by: Buffer Overflow. The impact is: Memory corruption leading to at least DoS. More severe impact vectors need more investigation. The component is: it's part of a svg processing library. function nsvg__parseColorRGB in src/nanosvg.h / line 1227. The attack vector is: It depends library usage. If input is passed from the network, then network connectivity is enough. Most likely an attack will require opening a specially crafted .svg file."}], "problemTypes": [{"descriptions": [{"description": "Buffer Overflow", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2019-05-15T17:24:40", "orgId": "7556d962-6fb7-411e-85fa-6cd62f095ba8", "shortName": "dwf"}, "references": [{"tags": ["x_refsource_MISC"], "url": "https://github.com/memononen/nanosvg/issues/136"}, {"tags": ["x_refsource_MISC"], "url": "https://0day.work/cve-2019-1000032-memory-corruption-in-nanosvg/"}, {"tags": ["x_refsource_MISC"], "url": "https://github.com/memononen/nanosvg/"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cve-assign@distributedweaknessfiling.org", "ID": "CVE-2019-1010258", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "nanosvg", "version": {"version_data": [{"version_value": "after commit c1f6e209c16b18b46aa9f45d7e619acf42c29726"}]}}]}, "vendor_name": "nanosvg library"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "nanosvg library nanosvg after commit c1f6e209c16b18b46aa9f45d7e619acf42c29726 is affected by: Buffer Overflow. The impact is: Memory corruption leading to at least DoS. More severe impact vectors need more investigation. The component is: it's part of a svg processing library. function nsvg__parseColorRGB in src/nanosvg.h / line 1227. The attack vector is: It depends library usage. If input is passed from the network, then network connectivity is enough. Most likely an attack will require opening a specially crafted .svg file."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "Buffer Overflow"}]}]}, "references": {"reference_data": [{"name": "https://github.com/memononen/nanosvg/issues/136", "refsource": "MISC", "url": "https://github.com/memononen/nanosvg/issues/136"}, {"name": "https://0day.work/cve-2019-1000032-memory-corruption-in-nanosvg/", "refsource": "MISC", "url": "https://0day.work/cve-2019-1000032-memory-corruption-in-nanosvg/"}, {"name": "https://github.com/memononen/nanosvg/", "refsource": "MISC", "url": "https://github.com/memononen/nanosvg/"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-05T03:07:18.493Z"}, "title": "CVE Program Container", "references": [{"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://github.com/memononen/nanosvg/issues/136"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://0day.work/cve-2019-1000032-memory-corruption-in-nanosvg/"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://github.com/memononen/nanosvg/"}]}]}, "cveMetadata": {"assignerOrgId": "7556d962-6fb7-411e-85fa-6cd62f095ba8", "assignerShortName": "dwf", "cveId": "CVE-2019-1010258", "datePublished": "2019-05-15T17:24:40", "dateReserved": "2019-03-20T00:00:00", "dateUpdated": "2024-08-05T03:07:18.493Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:nanosvg_project:nanosvg:-:*:*:*:*:*:*:*", "matchCriteriaId": "C22B5C89-A38B-4132-B90F-A58EEC770141", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "nanosvg library nanosvg after commit c1f6e209c16b18b46aa9f45d7e619acf42c29726 is affected by: Buffer Overflow. The impact is: Memory corruption leading to at least DoS. More severe impact vectors need more investigation. The component is: it's part of a svg processing library. function nsvg__parseColorRGB in src/nanosvg.h / line 1227. The attack vector is: It depends library usage. If input is passed from the network, then network connectivity is enough. Most likely an attack will require opening a specially crafted .svg file."}, {"lang": "es", "value": "nanosvg library nanosvg despues de busc1f6e209c16b18b46aa9f45d7e619acf42c29726 se ve afectada por: Buffer Overflow. El impacto es: da\u00f1o de memoria que lleva al menos a DoS. Los vectores de impacto m\u00e1s severos necesitan m\u00e1s investigaci\u00f3n. El componente es: es parte de una biblioteca de procesamiento svg. funci\u00f3n nsvg__parseColorRGB en src / nanosvg.h / line 1227. El vector de ataque es: Depende del uso de la biblioteca. Si la entrada se pasa desde la red, entonces la conectividad de la red es suficiente. Lo m\u00e1s probable es que un ataque requiera abrir un archivo .svg especialmente dise\u00f1ado."}], "id": "CVE-2019-1010258", "lastModified": "2024-11-21T04:18:06.227", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 4.3, "confidentialityImpact": "NONE", "integrityImpact": "NONE", "vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:P", "version": "2.0"}, "exploitabilityScore": 8.6, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true}], "cvssMetricV30": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "version": "3.0"}, "exploitabilityScore": 2.8, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2019-05-15T18:29:00.263", "references": [{"source": "josh@bress.net", "tags": ["Exploit", "Third Party Advisory"], "url": "https://0day.work/cve-2019-1000032-memory-corruption-in-nanosvg/"}, {"source": "josh@bress.net", "tags": ["Third Party Advisory"], "url": "https://github.com/memononen/nanosvg/"}, {"source": "josh@bress.net", "tags": ["Exploit", "Third Party Advisory"], "url": "https://github.com/memononen/nanosvg/issues/136"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Exploit", "Third Party Advisory"], "url": "https://0day.work/cve-2019-1000032-memory-corruption-in-nanosvg/"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "https://github.com/memononen/nanosvg/"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Exploit", "Third Party Advisory"], "url": "https://github.com/memononen/nanosvg/issues/136"}], "sourceIdentifier": "josh@bress.net", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-787"}], "source": "nvd@nist.gov", "type": "Primary"}]}