VDB

GCVE-110-MAGEIA-2020-159

GCVE-110-MAGEIA-2020-159
Advisory Published
Vulnetix · Advisory published April 5, 2020
The updated packages fix a security vulnerability: In xml.rs in GNOME librsvg before 2.46.2, a crafted SVG file with nested patterns can cause denial of service when passed to the library for processing. The attacker constructs pattern elements so that the number of final rendered objects grows exponentially. (CVE-2019-20446)

Affected Products

VendorProductVersionsPlatforms
Mageiaipset0 (affected), 7.6-1.mga7 (unaffected)
Mageialibrsvg2.45.5-3.1.mga7 (unaffected), 0 (affected), 0 (affected), 2.45.5-3.1.mga7 (unaffected)

Explore Further

Investigate this vulnerability in the interactive console or download the raw GCVE record.

$ Console Community · 100/wk Open console ›