ByteOS Network

Vulnerability Details :

CVE-2024-33767

Summary

Assigner-mitre

Assigner Org ID-8254265b-2729-46b6-b9e3-3dfca2d5bfca

Published At-01 May, 2024 | 00:00

Updated At-14 Mar, 2025 | 00:28

lunasvg v2.3.9 was discovered to contain a segmentation violation via the component composition_solid_source.

EPSS History

Score

Latest Score

N/A

Percentile

Latest Percentile

N/A

▼Common Vulnerabilities and Exposures (CVE)

cve.org

Assigner:mitre

Assigner Org ID:8254265b-2729-46b6-b9e3-3dfca2d5bfca

Published At:01 May, 2024 | 00:00

Updated At:14 Mar, 2025 | 00:28

▼CVE Numbering Authority (CNA)

lunasvg v2.3.9 was discovered to contain a segmentation violation via the component composition_solid_source.

Affected Products

Vendor

n/a

Product

n/a

Versions

Affected

Problem Types

Type	CWE ID	Description
text	N/A	n/a

Type: text

CWE ID: N/A

Description: n/a

References

Hyperlink	Resource
https://github.com/keepinggg/poc/tree/main/poc_of_lunasvg	N/A

Hyperlink: https://github.com/keepinggg/poc/tree/main/poc_of_lunasvg

Resource: N/A

▼Authorized Data Publishers (ADP)

1. CISA ADP Vulnrichment

Problem Types

Type	CWE ID	Description
CWE	CWE-125	CWE-125 Out-of-bounds Read

Type: CWE

CWE ID: CWE-125

Description: CWE-125 Out-of-bounds Read

Metrics

Version	Base score	Base severity	Vector
3.1	5.0	MEDIUM	CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:H

Version: 3.1

Base score: 5.0

Base severity: MEDIUM

Vector:

CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:H

Metrics Other Info

2. CVE Program Container

References

Hyperlink	Resource
https://github.com/keepinggg/poc/tree/main/poc_of_lunasvg	x_transferred

Hyperlink: https://github.com/keepinggg/poc/tree/main/poc_of_lunasvg

Resource:

x_transferred

▼National Vulnerability Database (NVD)

nvd.nist.gov

Source:cve@mitre.org

Published At:01 May, 2024 | 03:15

Updated At:15 Apr, 2025 | 17:13

lunasvg v2.3.9 was discovered to contain a segmentation violation via the component composition_solid_source.

Date Added	Due Date	Vulnerability Name	Required Action
	N/A

Metrics

Type	Version	Base score	Base severity	Vector
Secondary	3.1	5.0	MEDIUM	CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:H

Type: Secondary

Version: 3.1

Base score: 5.0

Base severity: MEDIUM

Vector:

CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:H

CPE Matches

sammycage>>lunasvg>>2.3.9

cpe:2.3:a:sammycage:lunasvg:2.3.9:*:*:*:*:*:*:*

Weaknesses

CWE ID	Type	Source
CWE-125	Secondary	134c704f-9b21-4f2e-91b3-4a467353bcc0

CWE ID: CWE-125

Type: Secondary

Source: 134c704f-9b21-4f2e-91b3-4a467353bcc0

References

Hyperlink	Source	Resource
https://github.com/keepinggg/poc/tree/main/poc_of_lunasvg	cve@mitre.org	Exploit Third Party Advisory
https://github.com/keepinggg/poc/tree/main/poc_of_lunasvg	af854a3a-2127-422b-91ae-364da2661108	Exploit Third Party Advisory

Hyperlink: https://github.com/keepinggg/poc/tree/main/poc_of_lunasvg

Source: cve@mitre.org

Resource:

Exploit

Third Party Advisory

Hyperlink: https://github.com/keepinggg/poc/tree/main/poc_of_lunasvg

Source: af854a3a-2127-422b-91ae-364da2661108

Resource:

Exploit

Third Party Advisory

Similar CVEs

3Records found

CVE-2024-33763

Matching Score-6

Assigner-MITRE Corporation

View Details

Matching Score-6

Assigner-MITRE Corporation

CVSS Score-7.5||HIGH

EPSS-0.10% / 27.54%

7 Day CHG~0.00%

Published-01 May, 2024 | 00:00

Updated-15 Apr, 2025 | 17:14

lunasvg v2.3.9 was discovered to contain a stack-buffer-underflow at lunasvg/source/layoutcontext.cpp.

Vendor-sammycage n/a sammycage

Product-lunasvg n/a lunasvg

CWE ID-CWE-125

Out-of-bounds Read

CVE-2024-24826

Matching Score-4

Assigner-GitHub, Inc.

View Details

Matching Score-4

Assigner-GitHub, Inc.

CVSS Score-5.5||MEDIUM

EPSS-0.04% / 11.56%

7 Day CHG~0.00%

Published-12 Feb, 2024 | 22:17

Updated-16 Oct, 2024 | 19:39

Out-of-bounds read in QuickTimeVideo::NikonTagsDecoder in Exiv2

Exiv2 is a command-line utility and C++ library for reading, writing, deleting, and modifying the metadata of image files. An out-of-bounds read was found in Exiv2 version v0.28.1. The vulnerable function, `QuickTimeVideo::NikonTagsDecoder`, was new in v0.28.0, so Exiv2 versions before v0.28 are _not_ affected. The out-of-bounds read is triggered when Exiv2 is used to read the metadata of a crafted video file. In most cases this out of bounds read will result in a crash. This bug is fixed in version v0.28.2. Users are advised to upgrade. There are no known workarounds for this vulnerability.

Vendor-Exiv2

Product-exiv2 exiv2

CWE ID-CWE-125

Out-of-bounds Read

CVE-2024-9843

Matching Score-4

Assigner-Ivanti

View Details

Matching Score-4

Assigner-Ivanti

CVSS Score-5||MEDIUM

EPSS-0.03% / 6.77%

7 Day CHG~0.00%

Published-12 Nov, 2024 | 16:13

Updated-17 Jan, 2025 | 20:00

A buffer over-read in Ivanti Secure Access Client before 22.7R4 allows a local unauthenticated attacker to cause a denial of service.

Vendor-Ivanti Software Apple Inc.

Product-macos secure_access_client Secure Access Client secure_access_client

CWE ID-CWE-126

Buffer Over-read

CWE ID-CWE-125

Out-of-bounds Read

CVE-2024-33767

Credits

Vendors

Products

Metrics (CVSS)

Weaknesses

Attack Patterns

Solution/Workaround

References

EPSS History

Score

Latest Score

N/A

Percentile

Latest Percentile

N/A

Stakeholder-Specific Vulnerability Categorization (SSVC)

Affected Products

Affected

Problem Types

Metrics

Metrics Other Info

Impacts

Solutions

Configurations

Workarounds

Exploits

Credits

Timeline

Replaced By

Rejected Reason

References

Affected Products

Problem Types

Metrics

Metrics Other Info

Impacts

Solutions

Configurations

Workarounds

Exploits

Credits

Timeline

Replaced By

Rejected Reason

References

Affected Products

Metrics

Metrics Other Info

Impacts

Solutions

Configurations

Workarounds

Exploits

Credits

Timeline

Replaced By

Rejected Reason

References

CISA Catalog

Metrics

CPE Matches

Weaknesses

Evaluator Description

Evaluator Impact

Evaluator Solution

Vendor Statements

References

Change History

Similar CVEs