Cyber Resilience

CVE-2024-33763

HighPublic PoC

Published: 01 May 2024

Published
01 May 2024
Modified
15 April 2025
KEV Added
Patch
CVSS Score v3.1 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
EPSS Score 0.0011 29.4th percentile
Risk Priority 15 60% EPSS · 20% KEV · 20% CVSS

Summary

CVE-2024-33763 is a high-severity Out-of-bounds Read (CWE-125) vulnerability in Sammycage Lunasvg. Its CVSS base score is 7.5 (High).

Operationally, exploitation aligns with the MITRE ATT&CK technique Exploitation for Client Execution (T1203); ranked at the 29.4th percentile by exploit likelihood (below the median); it is not currently listed in the CISA KEV catalog; a public proof-of-concept is referenced.

EU & UK References

Vulnerability details

lunasvg v2.3.9 was discovered to contain a stack-buffer-underflow at lunasvg/source/layoutcontext.cpp.

CWE(s)

Related Threats

MITRE ATT&CK Enterprise TechniquesAI

T1203 Exploitation for Client Execution Execution
Adversaries may exploit software vulnerabilities in client applications to execute code.
Why these techniques?

Stack buffer underflow in lunasvg SVG rendering library enables arbitrary code execution via crafted SVG files in client applications, facilitating Exploitation for Client Execution.

Affected Assets

sammycage
lunasvg
2.3.9

Mitigating Controls

No mitigating controls mapped yet. The per-CVE control annotator has not reached this CVE.

References