Date: Thu, 2 Jun 2016 11:40:37 +0200 From: Gustavo Grieco <gustavo.grieco@...il.com> To: oss-security@...ts.openwall.com Subject: CVE request: DoS in phantomjs 2.1.1 rasterizing websites Hi, A denegation of service vulnerability was found in phantomjs when it is processing a particular svg file. This crash caused by a null pointer derreference can be easily used by a malicious website to avoid rasterizing when it is crawled using phantomjs 2.1.1. Previous versions like 1.9.x are not affected. A reproducer is available here: https://github.com/ariya/phantomjs/issues/14244 Please assign a CVE if suitable. Regards, Gustavo.
Powered by blists - more mailing lists
Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.
Powered by Openwall GNU/*/Linux - Powered by OpenVZ