CVE-2024-25117

CVSS 3.1 Score 6.8 of 10 (medium)

Details

Published Feb 21, 2024

Updated: Feb 22, 2024

CWE ID 73

CWE ID 502

Summary

CVE-2024-25117 is a vulnerability affecting the php-svg-lib library before version 0.5.2. This issue arises due to the library's failure to validate font-family, allowing potentially harmful PHAR urls. Consequences include bypassing restrictions or even remote code execution (RCE) on PHP versions below 8.0. Libraries that use php-svg-lib as a dependency and do not validate the fontName passed to them may also be vulnerable. The recommended solution is to upgrade to version 0.5.2, which includes a fix for this issue.

Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

https://app.recordedfuture.com/live/sc/entity/uaL1eN
https://www.cve.org/CVERecord?id=CVE-2024-25117
https://nvd.nist.gov/vuln/detail/CVE-2024-25117

Back to Vulnerability Database

CVE-2024-25117

CVSS 3.1 Score 6.8 of 10 (medium)

Details

Summary

Advisories, Assessments, and Mitigations