CVE-2024-57719
Published: 23 January 2025
Summary
CVE-2024-57719 is a medium-severity NULL Pointer Dereference (CWE-476) vulnerability in Sammycage Lunasvg. Its CVSS base score is 6.5 (Medium).
Operationally, exploitation aligns with the MITRE ATT&CK technique Exploitation for Client Execution (T1203). The CVE ranks at the 33.6th percentile by exploit likelihood (below the median), is not currently listed in the CISA KEV catalog, and has a public proof-of-concept referenced.
EU & UK References
- 🇪🇺 ENISA EUVD: EUVD-2024-53717
Vulnerability details
lunasvg v3.0.0 was discovered to contain a segmentation violation via the component blend_transformed_tiled_argb.isra.0.
Related Threats
MITRE ATT&CK Enterprise Techniques
Why these techniques?
A segmentation violation in the lunasvg SVG rendering library enables exploitation of client applications that process malicious SVGs, for code execution (T1203) or for application crashes causing endpoint denial of service (T1499.004).
MITRE ATLAS Techniques
Affected Assets
Mitigating Controls
No mitigating controls mapped yet. The per-CVE control annotator has not reached this CVE.