SUSE-SU-2020:0629-1 -- SLES librsvg, typelib-1_0-Rsvg-2_0, gdk-pixbuf-loader-rsvgID: oval:org.secpod.oval:def:89050480 | Date: (C)2023-10-10 (M)2023-10-10 |
Class: PATCH | Family: unix |
This update for librsvg to version 2.42.8 fixes the following issues: librsvg was updated to version 2.42.8 fixing the following issues: - CVE-2019-20446: Fixed an issue where a crafted SVG file with nested patterns can cause denial of service . NOTE: Librsvg now has limits on the number of loaded XML elements, and the number of referenced elements within an SVG document. - Fixed a stack exhaustion with circular references in less than use greater than elements. - Fixed a denial-of-service condition from exponential explosion of rendered elements, through nested use of SVG "use" elements in malicious SVGs.
Platform: |
SUSE Linux Enterprise Desktop 15 SP1 |
SUSE Linux Enterprise Server 15 SP1 |
Product: |
librsvg |
typelib-1_0-Rsvg-2_0 |
gdk-pixbuf-loader-rsvg |