CVE-2023-44709

CVSS 3.1 Score 9.8 of 10 (high)

Details

Published Dec 14, 2023

Updated: Dec 19, 2023

CWE ID 190

Summary

CVE-2023-44709 is a newly identified vulnerability affecting the PlutoSVG software. Specifically, commits up to and including 336c02997277a1888e6ccbbbe674551a0582e5c4 contain an integer overflow issue in the plutosvg_load_from_memory component. This flaw could potentially be exploited by attackers to execute arbitrary code or cause denial-of-service conditions. Users are urged to update their PlutoSVG installations to address this vulnerability.

Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

https://app.recordedfuture.com/live/sc/entity/s4CE61
https://www.cve.org/CVERecord?id=CVE-2023-44709
https://nvd.nist.gov/vuln/detail/CVE-2023-44709

Back to Vulnerability Database

CVE-2023-44709

CVSS 3.1 Score 9.8 of 10 (high)

Details

Summary

Advisories, Assessments, and Mitigations