Denial of service in Safe SVG

Published: 2019-11-06 | Updated: 2019-11-06

Severity	High
Patch available	YES
Number of vulnerabilities	1
CVE ID	N/A
CWE ID	CWE-400
Exploitation vector	Network
Public exploit	N/A
Vulnerable software	Safe SVG Subscribe
Vendor	Daryll Doyle

Security Advisory

This security advisory describes one high risk vulnerability.

1) Resource exhaustion

Severity: High

CVSSv3: 7.5 [CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H/E:U/RL:O/RC:C] [PCI]

CVE-ID: N/A

CWE-ID: CWE-400 - Uncontrolled Resource Consumption ('Resource Exhaustion')

Description

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to improper resource management. A remote attacker can trigger resource exhaustion and perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

Safe SVG: 1.0.0, 1.1.0, 1.1.1, 1.2.0, 1.3.0, 1.3.1, 1.3.2, 1.3.3, 1.3.4, 1.4.0, 1.4.1, 1.4.2, 1.4.3, 1.4.4, 1.4.5, 1.5.0, 1.5.1, 1.5.2, 1.5.3, 1.6.0, 1.6.1, 1.7.1, 1.8.0, 1.8.1, 1.9.0, 1.9.1, 1.9.2, 1.9.3, 1.9.4

CPE

External links

https://wpvulndb.com/vulnerabilities/9937/

https://fortiguard.com/zeroday/FG-VD-19-113

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

ImmuniWeb® AI Platform for Application Security Testing