Cross-Origin Pixel-Stealing Vulnerability in PowerVR Image Compression (PVRIC) on Imagination 2018 and Later GPU Devices

Cross-Origin Pixel-Stealing Vulnerability in PowerVR Image Compression (PVRIC) on Imagination 2018 and Later GPU Devices

CVE-2023-44216 · MEDIUM Severity

CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:N/A:N

PVRIC (PowerVR Image Compression) on Imagination 2018 and later GPU devices offers software-transparent compression that enables cross-origin pixel-stealing attacks against feTurbulence and feBlend in the SVG Filter specification, aka a GPU.zip issue. For example, attackers can sometimes accurately determine text contained on a web page from one origin if they control a resource from a different origin.

Learn more about our Web App Pen Testing.