Skip to main content

Thorvg

1 CVEs product

Monthly

CVE-2026-45729 MEDIUM PATCH This Month

Null pointer dereference in ThorVG's SVG loader crashes any process that passes untrusted SVG content through Picture::load(), enabling remote denial-of-service with a trivial 6-byte payload. All ThorVG releases prior to 1.0.5 are affected (CPE: cpe:2.3:a:thorvg:thorvg:*:*:*:*:*:*:*:*). No public exploit identified at time of analysis and no CISA KEV listing, but the fix-confirming PR diff (PR #4387) exposes the exact null-check omissions, substantially lowering the bar for independent exploit development.

Null Pointer Dereference Denial Of Service Thorvg
NVD GitHub
CVSS 3.1
4.3
EPSS
0.0%
EPSS 0% CVSS 4.3
MEDIUM PATCH This Month

Null pointer dereference in ThorVG's SVG loader crashes any process that passes untrusted SVG content through Picture::load(), enabling remote denial-of-service with a trivial 6-byte payload. All ThorVG releases prior to 1.0.5 are affected (CPE: cpe:2.3:a:thorvg:thorvg:*:*:*:*:*:*:*:*). No public exploit identified at time of analysis and no CISA KEV listing, but the fix-confirming PR diff (PR #4387) exposes the exact null-check omissions, substantially lowering the bar for independent exploit development.

Null Pointer Dereference Denial Of Service Thorvg
NVD GitHub

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy