Debian · Thorvg · CVE-2026-45729
**Name of the Vulnerable Software and Affected Versions**
Thor Vector Graphics (ThorVG) versions prior to 1.0.5
**Description**
A null pointer dereference occurs in the `SvgLoader::run()` function. This allows a caller to crash the process using a 6-byte payload by passing untrusted SVG data to the `Picture::load()` function.
**Recommendations**
Update to version 1.0.5.