An issue in canvg v.4.0.2 allows an attacker to execute arbitrary code via the Constructor of the class StyleElement.Referenceshttps://github.com/canvg/canvg/issues/1749
