CVE-2026-45729

MEDIUM 4.3

ThorVG: Null pointer dereference in SVG loader causes crash via 6-byte malformed input

CVSS Score

4.3

EPSS Score

0.0%

EPSS Percentile

0th

Thor Vector Graphics (ThorVG) is a production-ready vector graphics engine. Prior to version 1.0.5, a null pointer dereference in SvgLoader::run() allows any caller that passes untrusted SVG data to Picture::load() to crash the process with a 6-byte payload. This issue has been patched in version 1.0.5.

CWE	CWE-476
Vendor	thorvg
Product	thorvg
Published	Jun 1, 2026
Last Updated	Jun 2, 2026

Stay Ahead of the Next One

Get instant alerts for thorvg thorvg

Be the first to know when new medium vulnerabilities affecting thorvg thorvg are published — delivered to Slack, Telegram or Discord.

Get Free Alerts → Free · No credit card · 60 sec setup

CVSS v3 Breakdown

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L

Attack Vector

Network

Attack Complexity

Low

Privileges Required

None

User Interaction

Required

Scope

Unchanged

Confidentiality

None

Integrity

None

Availability

Low

Affected Versions

thorvg / thorvg

< 1.0.5

References

NVD ↗ CVE.org ↗ EPSS Data ↗

github.com: https://github.com/thorvg/thorvg/security/advisories/GHSA-f863-8ghq-7h64 github.com: https://github.com/thorvg/thorvg/pull/4387 github.com: https://github.com/thorvg/thorvg/commit/159f44fd5e3d2eea1b3a70689a894e657e2bb079 github.com: https://github.com/thorvg/thorvg/releases/tag/v1.0.5