resvg
resvg copied to clipboard
Library susceptible to billion laugh style attacks
When I try to open a malicious SVG that is created using nested references it hangs the application. The sample test case is at https://unshorn.github.io/foo.svg Other samples are: https://unshorn.github.io/nested-pattern-crash.svg https://unshorn.github.io/deep.svg
Yes, xlink:href
nesting is not limited.
I'm looking into this right now and looks like deep.svg
is malformed. </g>
at 5000019 should be removed.
foo.svg
and deep.svg
are fixed. nested-pattern-crash.svg
is more complicated.
For some reason, Chrome and Batik are able to render nested-pattern-crash.svg
just fine. Firefox and Inkscape freezing. librsvg returns an error.
Looks like the files have been deleted, so can't reproduce it. :(
I don't have them either. I will try to reproduce nested-pattern-crash.svg
. Afaik it had a lot of nested patters (a pattern with a pattern with a pattern and so on), but in case of resvg
it just took forever to render. Not an actual endless loop.