
Aritra Chakraborty

#35102 of 53,633
7.5 Total CVSS
Vulnerabilities · 1
PT-2022-9419
7.5
2022-01-21
Unknown · Convert-Svg-Core · CVE-2021-23631
**Name of the Vulnerable Software and Affected Versions**

- convert-svg-core: all versions
- convert-svg-to-png: all versions
- convert-svg-to-jpeg: all versions

**Description**

This issue allows an attacker to read arbitrary files from the file system using a specially crafted SVG file. The attacker could then show the file content as a converted PNG file.

**Recommendations**

- For convert-svg-core, consider disabling the SVG conversion functionality until a patch is available.
- For convert-svg-to-png, restrict access to the PNG conversion module to minimize the risk of exploitation.
- For convert-svg-to-jpeg, avoid using the JPEG conversion function with untrusted SVG files until the issue is resolved.

At the moment, there is no information about a newer version that contains a fix for this vulnerability.