
exploitDog

CVE-2026-31899

Published: 13 Mar 2026
Source: nvd
CVSS3: 7.5
EPSS: Low

Description

CairoSVG is an SVG converter based on Cairo, a 2D graphics library. Prior to 2.9.0, Kozea/CairoSVG has exponential denial of service via recursive `<use>` element amplification in cairosvg/defs.py. This causes CPU exhaustion from a small input.

Vulnerable configurations

Configuration 1
cpe:2.3:a:courtbouillon:cairosvg:*:*:*:*:*:*:*:*
Versions before 2.9.0 (excluding)

EPSS

Percentile: 17%
0.00055
Low

7.5 High

CVSS3

Weaknesses

CWE-674

Related vulnerabilities

CVSS3: 7.5
ubuntu
14 days ago

CairoSVG is an SVG converter based on Cairo, a 2D graphics library. Prior to Kozea/CairoSVG has exponential denial of service via recursive <use> element amplification in cairosvg/defs.py. This causes CPU exhaustion from a small input.

CVSS3: 7.5
redhat
14 days ago

A flaw was found in CairoSVG, an SVG converter. A remote attacker could exploit this vulnerability by submitting a specially crafted SVG file that contains recursive `<use>` elements. This can lead to an exponential increase in processing time and CPU exhaustion, resulting in a Denial of Service (DoS) for the system.

CVSS3: 7.5
debian
14 days ago

CairoSVG is an SVG converter based on Cairo, a 2D graphics library. Pr ...

CVSS3: 7.5
github
14 days ago

CairoSVG vulnerable to Exponential DoS via recursive <use> element amplification
