oss-sec mailing list archives
CVE request: DoS in phantomjs 2.1.1 rasterizing websites
From: Gustavo Grieco <gustavo.grieco () gmail com>
Date: Thu, 2 Jun 2016 11:40:37 +0200
Hi, A denegation of service vulnerability was found in phantomjs when it is processing a particular svg file. This crash caused by a null pointer derreference can be easily used by a malicious website to avoid rasterizing when it is crawled using phantomjs 2.1.1. Previous versions like 1.9.x are not affected. A reproducer is available here: https://github.com/ariya/phantomjs/issues/14244 Please assign a CVE if suitable. Regards, Gustavo.
Current thread:
- CVE request: DoS in phantomjs 2.1.1 rasterizing websites Gustavo Grieco (Jun 02)
- Re: CVE request: DoS in phantomjs 2.1.1 rasterizing websites cve-assign (Jun 02)
- Re: CVE request: DoS in phantomjs 2.1.1 rasterizing websites Gustavo Grieco (Jun 04)
- Re: CVE request: DoS in phantomjs 2.1.1 rasterizing websites cve-assign (Jun 02)