Analysis and contextual insights are available on OpenCVE Cloud.
No vendor fix or workaround currently provided.
Additional remediation guidance may be available on OpenCVE Cloud.
Tracking
Sign in to view the affected projects.
No advisories yet.
Wed, 03 Jun 2026 02:30:00 +0000
| Type | Values Removed | Values Added |
|---|---|---|
| First Time appeared |
Thorvg
Thorvg thorvg |
|
| Vendors & Products |
Thorvg
Thorvg thorvg |
Tue, 02 Jun 2026 16:30:00 +0000
| Type | Values Removed | Values Added |
|---|---|---|
| Metrics |
ssvc
|
Mon, 01 Jun 2026 19:00:00 +0000
| Type | Values Removed | Values Added |
|---|---|---|
| Description | Thor Vector Graphics (ThorVG) is a production-ready vector graphics engine. Prior to version 1.0.5, a null pointer dereference in SvgLoader::run() allows any caller that passes untrusted SVG data to Picture::load() to crash the process with a 6-byte payload. This issue has been patched in version 1.0.5. | |
| Title | ThorVG: Null pointer dereference in SVG loader causes crash via 6-byte malformed input | |
| Weaknesses | CWE-476 | |
| References |
| |
| Metrics |
cvssV3_1
|
Status: PUBLISHED
Assigner: GitHub_M
Published:
Updated: 2026-06-02T15:31:39.686Z
Reserved: 2026-05-13T05:51:48.667Z
Link: CVE-2026-45729
Updated: 2026-06-02T15:31:32.580Z
Status : Deferred
Published: 2026-06-01T19:16:53.170
Modified: 2026-06-02T16:16:43.633
Link: CVE-2026-45729
No data.
OpenCVE Enrichment
Updated: 2026-06-02T20:53:29Z