Beware of Unsafe File Reads in php-svg-lib Library

CVE: CVE-2023-50252
CVSS v3.1: 8.3
Source: CVE-2023-50252

The php-svg-lib library is a popular tool used for parsing and rendering SVG files in PHP applications. However, a vulnerability was discovered that could allow attackers to perform unsafe file reads.

The issue arises when the library handles an SVG element that references another element. It was merging attributes such as "href" from the referencing element into the referenced element without sanitizing them first. This presented a risk whenever an attacker could control the href value.

By supplying a malicious SVG file with a crafted href, an attacker may have been able to trick the library into reading arbitrary files from the server that they should not otherwise have access to. In some situations, this could even allow them to exploit PHP object injection vulnerabilities.

The good news is that developers using php-svg-lib have now been warned, and version 0.5.1 of the library contains a fix for this issue. All users are advised to upgrade immediately to patch their applications. You should also be cautious with SVG files from untrusted sources and consider sanitizing href attributes as a precaution.
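One way to apply the precaution above before an untrusted SVG reaches the renderer is to allow only two kinds of href values: in-document references (starting with "#") and inline base64 image data URIs, rejecting everything else rather than trying to repair it. The following is an added example, not code from php-svg-lib or from the advisory; the class name SvgHrefPolicy, the accepted MIME types and the constructed sample SVG are assumptions made for illustration, and it presumes the SVG is held as a string before rendering.

```php
<?php
declare(strict_types=1);

// Added example (not php-svg-lib code): a pre-render check that refuses SVG
// documents whose href attributes point anywhere other than the document
// itself or inline image data. The class name and policy are assumptions.
final class SvgHrefPolicy
{
    /** Inline image data URIs are the only non-fragment hrefs accepted. */
    private const ALLOWED_DATA_URI = '#^data:image/(png|jpe?g|gif|webp);base64,#i';

    /**
     * Returns the offending href values; an empty array means the SVG passes.
     * A document that cannot be parsed is also reported, so it is never rendered.
     */
    public static function findUnsafeHrefs(string $svg): array
    {
        $previous = libxml_use_internal_errors(true);
        $doc = new DOMDocument();
        // LIBXML_NONET: the parser itself must not fetch anything over the network.
        $loaded = $doc->loadXML($svg, LIBXML_NONET);
        libxml_clear_errors();
        libxml_use_internal_errors($previous);

        if ($loaded === false) {
            return ['<unparseable document>'];
        }

        $violations = [];
        $xpath = new DOMXPath($doc);
        // Match "href" in every namespace: plain href as well as xlink:href,
        // on every element, so no referencing construct is overlooked.
        foreach ($xpath->query('//@*[local-name()="href"]') as $attr) {
            $value = trim($attr->nodeValue);
            if (!self::isAllowed($value)) {
                $violations[] = $attr->ownerElement->localName . ' href="' . $value . '"';
            }
        }
        return $violations;
    }

    private static function isAllowed(string $href): bool
    {
        // Empty or "#id" values only ever resolve inside the same document.
        if ($href === '' || $href[0] === '#') {
            return true;
        }
        // Anything else (local paths, URL schemes, PHP stream wrappers) is refused.
        return preg_match(self::ALLOWED_DATA_URI, $href) === 1;
    }
}

// Constructed sample input: one in-document reference, one inline data URI,
// and one href that points at a local file and must be rejected.
$sample = <<<'SVG'
<svg xmlns="http://www.w3.org/2000/svg" xmlns:xlink="http://www.w3.org/1999/xlink">
  <defs><circle id="dot" r="4"/></defs>
  <use xlink:href="#dot" x="10" y="10"/>
  <image href="data:image/png;base64,iVBORw0KGgo=" width="8" height="8"/>
  <image xlink:href="local/path.txt" width="8" height="8"/>
</svg>
SVG;

$violations = SvgHrefPolicy::findUnsafeHrefs($sample);
if ($violations !== []) {
    // Refuse the whole file; do not hand a "cleaned" copy to the renderer.
    echo "SVG rejected: " . implode('; ', $violations) . PHP_EOL;
} else {
    echo "SVG accepted" . PHP_EOL;
}
```

With the constructed sample, the check reports the `image` element whose href is `local/path.txt` and the file is rejected. Rejecting rather than stripping is deliberate: a renderer that silently drops attributes can still be fed input that was meant to be malicious, while an outright rejection also gives you a log line worth alerting on.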

Staying on top of library and framework updates is important for security. This serves as a reminder that even minor components need to have proper input validation to prevent unintended access to sensitive files or code.
