Description
CairoSVG is an SVG converter based on Cairo, a 2D graphics library. Prior to the 2.9.0 fix, Kozea/CairoSVG has an exponential denial of service via recursive <use> element amplification in cairosvg/defs.py: a small input causes CPU exhaustion.
Packages
| Package | Status | Fixed version | Release | Type |
|---|---|---|---|---|
| cairosvg | unfixed | | | package |
| cairosvg | no-dsa | | trixie | package |
| cairosvg | no-dsa | | bookworm | package |
Notes
https://github.com/Kozea/CairoSVG/security/advisories/GHSA-f38f-5xpm-9r7c
Fixed by: https://github.com/Kozea/CairoSVG/commit/6dde8685ed3f19837767bce7a13a5491e3d0e0bf (2.9.0)
Related vulnerabilities
A flaw was found in CairoSVG, an SVG converter. A remote attacker could exploit this vulnerability by submitting a specially crafted SVG file that contains recursive `<use>` elements. This can lead to an exponential increase in processing time and CPU exhaustion, resulting in a Denial of Service (DoS) for the system.
CairoSVG vulnerable to Exponential DoS via recursive <use> element amplification
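The advisory above only outlines the mechanism: each `<use>` pulls in the subtree it references, so a short chain of definitions that each reference the previous one twice makes the rendered node count double per level. As an added example (not CairoSVG's own code and not its fix), here is a pre-parse guard that a service accepting untrusted SVG could run before handing a file to the converter. It estimates how many element instances the document's `<use>` references would expand to, rejects documents whose estimate exceeds a budget, and rejects reference cycles (a `<use>` that reaches itself or an ancestor) outright. The budget value, the function names and the two embedded sample SVGs are constructed for this example.

```python
"""Pre-parse guard for recursive <use> amplification in untrusted SVG.

Added example, not part of CairoSVG. It walks the document once, memoising
the expanded size of every element, so the guard itself runs in linear time
even though the value it computes can grow exponentially.
"""
import xml.etree.ElementTree as ET

SVG_NS = "http://www.w3.org/2000/svg"
XLINK_NS = "http://www.w3.org/1999/xlink"
MAX_EXPANDED_NODES = 10_000  # assumed budget; tune for the deployment


class UnsafeSvgError(ValueError):
    """Raised when the document would expand past the budget or is cyclic."""


def _href_target(elem):
    """Return the local id referenced by href / xlink:href, or None."""
    href = elem.get("href") or elem.get(f"{{{XLINK_NS}}}href")
    if href and href.startswith("#"):
        return href[1:]
    return None


def estimate_use_expansion(svg_text, budget=MAX_EXPANDED_NODES):
    """Count the element instances the SVG expands to once <use> is resolved.

    Raises UnsafeSvgError as soon as any subtree exceeds ``budget`` or a
    <use> chain loops back on itself. Note: ElementTree is used here for
    brevity; a hardened deployment would parse with defusedxml instead.
    """
    root = ET.fromstring(svg_text)
    by_id = {e.get("id"): e for e in root.iter() if e.get("id") is not None}
    memo = {}  # id(elem) -> expanded node count, set only when complete

    def cost(elem, in_progress):
        key = id(elem)
        if key in memo:
            return memo[key]
        if key in in_progress:
            raise UnsafeSvgError("reference cycle through <use>")
        in_progress.add(key)
        total = 1  # the element itself
        if elem.tag == f"{{{SVG_NS}}}use":
            target = by_id.get(_href_target(elem))
            if target is not None:
                total += cost(target, in_progress)  # the pulled-in subtree
        for child in elem:
            total += cost(child, in_progress)
        in_progress.discard(key)
        if total > budget:
            raise UnsafeSvgError(f"expansion {total} exceeds budget {budget}")
        memo[key] = total
        return total

    return cost(root, set())


def classify(svg_text, budget=MAX_EXPANDED_NODES):
    """Return ("ok", count) or ("reject", reason) for an untrusted SVG."""
    try:
        return ("ok", estimate_use_expansion(svg_text, budget))
    except UnsafeSvgError as exc:
        return ("reject", str(exc))


# Constructed sample: two levels of doubling, 35 expanded nodes in total.
SAMPLE_SVG = """<svg xmlns="http://www.w3.org/2000/svg">
  <defs>
    <rect id="l0" width="1" height="1"/>
    <g id="l1"><use href="#l0"/><use href="#l0"/></g>
    <g id="l2"><use href="#l1"/><use href="#l1"/></g>
  </defs>
  <use href="#l2"/>
</svg>"""

# Constructed sample: two groups that reference each other.
CYCLIC_SVG = """<svg xmlns="http://www.w3.org/2000/svg"
     xmlns:xlink="http://www.w3.org/1999/xlink">
  <g id="a"><use xlink:href="#b"/></g>
  <g id="b"><use xlink:href="#a"/></g>
</svg>"""

if __name__ == "__main__":
    print(classify(SAMPLE_SVG))          # ('ok', 35)
    print(classify(SAMPLE_SVG, 10))      # ('reject', 'expansion 13 exceeds budget 10')
    print(classify(CYCLIC_SVG))          # ('reject', 'reference cycle through <use>')
```

The memo is only filled in once an element's count is complete, so an element that is still being counted and is reached again can only mean a cycle; the budget check runs at every element, so the guard stops at the first subtree that is already too large rather than finishing the walk.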