
We found results for “”
CVE-2025-25977
Good to know:


Date: March 9, 2025
An issue in canvg v.4.0.2 allows an attacker to execute arbitrary code via the Constructor of the class StyleElement.
Severity Score
Related Resources (6)
Severity Score
Weakness Type (CWE)
Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution')
CWE-1321Top Fix

Upgrade Version
Upgrade to version canvg - 4.0.3;canvg - 3.0.11;canvg - 3.0.11;canvg - 4.0.3;canvg - 3.0.11;https://github.com/canvg/canvg.git - v4.0.3;https://github.com/canvg/canvg.git - v3.0.11
CVSS v3.1
Base Score: |
|
---|---|
Attack Vector (AV): | NETWORK |
Attack Complexity (AC): | LOW |
Privileges Required (PR): | NONE |
User Interaction (UI): | NONE |
Scope (S): | UNCHANGED |
Confidentiality (C): | HIGH |
Integrity (I): | HIGH |
Availability (A): | HIGH |