{"id":"CVE-2023-50252","summary":"php-svg-lib unsafe attributes merge when parsing `use` tag","details":"php-svg-lib is an SVG file parsing / rendering library. Prior to version 0.5.1, when handling a `\u003cuse\u003e` tag that references an `\u003cimage\u003e` tag, it merges the attributes from the `\u003cuse\u003e` tag into the `\u003cimage\u003e` tag. The problem arises especially when the `href` attribute from the `\u003cuse\u003e` tag has not been sanitized. This can lead to an unsafe file read that can cause a PHAR deserialization vulnerability in PHP prior to version 8. Version 0.5.1 contains a patch for this issue.","aliases":["GHSA-jq98-9543-m4cr"],"modified":"2026-04-02T09:40:16.939077Z","published":"2023-12-12T20:39:17.905Z","database_specific":{"cwe_ids":["CWE-15","CWE-502"],"osv_generated_from":"https://github.com/CVEProject/cvelistV5/tree/main/cves/2023/50xxx/CVE-2023-50252.json","cna_assigner":"GitHub_M"},"references":[{"type":"ADVISORY","url":"https://github.com/CVEProject/cvelistV5/tree/main/cves/2023/50xxx/CVE-2023-50252.json"},{"type":"ADVISORY","url":"https://github.com/dompdf/php-svg-lib/security/advisories/GHSA-jq98-9543-m4cr"},{"type":"ADVISORY","url":"https://nvd.nist.gov/vuln/detail/CVE-2023-50252"},{"type":"FIX","url":"https://github.com/dompdf/php-svg-lib/commit/08ce6a96d63ad7216315fae34a61c886dd2dc030"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/dompdf/php-svg-lib","events":[{"introduced":"0"},{"fixed":"8a8a1ebcf6aea861ef30197999f096f7bd4b4456"}]}],"versions":["0.3.4","0.4.0","0.4.1","0.5.0","v0.1","v0.2","v0.3","v0.3.0","v0.3.1","v0.3.2","v0.3.3"],"database_specific":{"source":"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2023-50252.json"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:L"}]}