CVE-2023-50251

Name of the Vulnerable Software and Affected Versions php-svg-lib versions prior to 0.5.1

Description The issue arises when parsing attributes passed to a use tag inside an SVG document, allowing an attacker to cause the system to go into infinite recursion. This could exhaust the memory available to the executing process and/or the server itself, potentially leading to resource exhaustion if multiple requests are sent to render the payload.

Recommendations For versions prior to 0.5.1, update to version 0.5.1 to resolve the issue. As a temporary workaround, consider restricting the parsing of use tags with href or xlink:href attributes to prevent infinite recursion.