CVE-2018-17332

HIGH

libsvg2 - Memory Corruption

Title source: llm

Description

An issue was discovered in libsvg2 through 2012-10-19. The svgGetNextPathField function in svg_string.c returns its input pointer in certain circumstances, which might result in a memory leak caused by wasteful malloc calls.

References (1)

[Exploit, Third Party Advisory] https://github.com/agambier/libsvg2/issues/2

Scores

CVSS v3 7.5

EPSS 0.0033

EPSS Percentile 55.9%

Attack Vector NETWORK

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Classification

CWE

CWE-772

Status published

Affected Products (1)

libsvg2_project/libsvg2 < 2012-10-19

Timeline

Published Sep 22, 2018

Tracked Since Feb 18, 2026