CVE-2021-29059

Name of the Vulnerable Software and Affected Versions IS-SVG versions 2.1.0 through 4.3.1

Description The issue is related to a Regular Expression Denial of Service (ReDOS) that occurs when the application checks a crafted invalid SVG string. This can lead to unlimited memory allocation, potentially allowing a remote attacker to cause a denial of service.

Recommendations For IS-SVG versions 2.1.0 through 4.3.1, consider disabling the use of crafted SVG strings until a patch is available. As a temporary workaround, restrict the application from checking invalid SVG strings to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.