SUSE-SU-2020:0604-1 -- SLES librsvgID: oval:org.secpod.oval:def:89000427 | Date: (C)2021-02-23 (M)2023-12-20 |
Class: PATCH | Family: unix |
This update for librsvg to version 2.40.21 fixes the following issues: librsvg was updated to version 2.40.21 fixing the following issues: - CVE-2019-20446: Fixed an issue where a crafted SVG file with nested patterns can cause denial of service . NOTE: Librsvg now has limits on the number of loaded XML elements, and the number of referenced elements within an SVG document. - Fixed a stack exhaustion with circular references in lt;usegt; elements. - Fixed a denial-of-service condition from exponential explosion of rendered elements, through nested use of SVG quot;usequot; elements in malicious SVGs.
Platform: |
SUSE Linux Enterprise Server 12 SP5 |
SUSE Linux Enterprise Server 12 SP4 |