CVE-2026-33418
SVG Dimension Capping Bypass via XML Comment Injection in @dicebear/converter ensureSize()
Description
## Summary The `ensureSize()` function in `@dicebear/converter` used a regex-based approach to rewrite SVG `width`/`height` attributes, capping them at 2048px to prevent denial of service. This size capping could be bypassed by crafting SVG input that causes the regex to match a non-functional occurrence of `<svg` before the actual SVG root element. When the SVG is subsequently rendered via `@resvg/resvg-js` on the Node.js code path, it renders at the attacker-specified dimensions, potentially causing out-of-memory crashes. ## Details The vulnerable function used `String.prototype.replace()` with a non-global regex to find and rewrite the first `<svg` tag's dimensions. Since the regex does not distinguish between `<svg` appearing inside non-element XML constructs and the actual SVG root element, a crafted input can cause the regex to match a decoy instead of the real element, leaving the actual SVG dimensions unclamped. In the Node.js rendering path, `renderAsync` from `@resvg/resvg-js` was called without a `fitTo` constraint, so it would render at whatever dimensions the SVG element specified — potentially allocating gigabytes of memory. The browser code path is **not** vulnerable because it uses the clamped `size` return value from `ensureSize()` to set `canvas.width` and `canvas.height` directly. ## Impact Any application that passes untrusted or user-supplied SVG content through `@dicebear/converter`'s Node.js conversion functions (`toPng`, `toJpeg`, `toWebp`, `toAvif`) is vulnerable to denial of service via excessive memory allocation. Note that `@dicebear/converter` can be used independently of DiceBear's avatar generation — any SVG string can be passed to the conversion functions. The impact is limited to availability — there is no data disclosure or integrity impact. The browser code path is not affected. ## Fix The regex-based approach has been replaced with XML-aware processing using `fast-xml-parser` to correctly identify and modify the SVG root element's attributes. Additionally, a `fitTo` constraint has been added to the `renderAsync` call as defense-in-depth, ensuring the rendered output is always bounded regardless of SVG content.
How to fix CVE-2026-33418
To remediate CVE-2026-33418, upgrade the affected package to a fixed version below.
- —upgrade to 9.4.2 or later