Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools
CVE Vulnerability Details :
CVE-2026-45729
PUBLISHED
More InfoOfficial Page
Assigner-GitHub_M
Assigner Org ID-a0819718-46f1-4df5-94e2-005712e83aaa
View Known Exploited Vulnerability (KEV) details
Published At-01 Jun, 2026 | 17:18
Updated At-02 Jun, 2026 | 15:31
Rejected At-
▼CVE Numbering Authority (CNA)
ThorVG: Null pointer dereference in SVG loader causes crash via 6-byte malformed input

Thor Vector Graphics (ThorVG) is a production-ready vector graphics engine. Prior to version 1.0.5, a null pointer dereference in SvgLoader::run() allows any caller that passes untrusted SVG data to Picture::load() to crash the process with a 6-byte payload. This issue has been patched in version 1.0.5.

Affected Products
Vendor
thorvg
Product
thorvg
Versions
Affected
  • < 1.0.5
Problem Types
TypeCWE IDDescription
CWECWE-476CWE-476: NULL Pointer Dereference
Type: CWE
CWE ID: CWE-476
Description: CWE-476: NULL Pointer Dereference
Metrics
VersionBase scoreBase severityVector
3.14.3MEDIUM
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L
Version: 3.1
Base score: 4.3
Base severity: MEDIUM
Vector:
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
https://github.com/thorvg/thorvg/security/advisories/GHSA-f863-8ghq-7h64
x_refsource_CONFIRM
https://github.com/thorvg/thorvg/pull/4387
x_refsource_MISC
https://github.com/thorvg/thorvg/commit/159f44fd5e3d2eea1b3a70689a894e657e2bb079
x_refsource_MISC
https://github.com/thorvg/thorvg/releases/tag/v1.0.5
x_refsource_MISC
Hyperlink: https://github.com/thorvg/thorvg/security/advisories/GHSA-f863-8ghq-7h64
Resource:
x_refsource_CONFIRM
Hyperlink: https://github.com/thorvg/thorvg/pull/4387
Resource:
x_refsource_MISC
Hyperlink: https://github.com/thorvg/thorvg/commit/159f44fd5e3d2eea1b3a70689a894e657e2bb079
Resource:
x_refsource_MISC
Hyperlink: https://github.com/thorvg/thorvg/releases/tag/v1.0.5
Resource:
x_refsource_MISC
▼Authorized Data Publishers (ADP)
CISA ADP Vulnrichment
Affected Products
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
https://github.com/thorvg/thorvg/security/advisories/GHSA-f863-8ghq-7h64
exploit
Hyperlink: https://github.com/thorvg/thorvg/security/advisories/GHSA-f863-8ghq-7h64
Resource:
exploit
Details not found