rpm package
almalinux/librsvg2
pkg:rpm/almalinux/librsvg2
Vulnerabilities (2)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2023-38633 | — | < 2.50.7-1.el9_2.1 | 2.50.7-1.el9_2.1 | Jul 22, 2023 | A directory traversal problem in the URL decoder of librsvg before 2.56.3 could be used by local or remote attackers to disclose files (on the local filesystem outside of the expected area), as demonstrated by href=".?../../../../../../../../../../etc/passwd" in an xi:include ele | ||
| CVE-2019-20446 | — | < 2.42.7-4.el8 | 2.42.7-4.el8 | Feb 2, 2020 | In xml.rs in GNOME librsvg before 2.46.2, a crafted SVG file with nested patterns can cause denial of service when passed to the library for processing. The attacker constructs pattern elements so that the number of final rendered objects grows exponentially. |
- CVE-2023-38633Jul 22, 2023affected < 2.50.7-1.el9_2.1fixed 2.50.7-1.el9_2.1
A directory traversal problem in the URL decoder of librsvg before 2.56.3 could be used by local or remote attackers to disclose files (on the local filesystem outside of the expected area), as demonstrated by href=".?../../../../../../../../../../etc/passwd" in an xi:include ele
- CVE-2019-20446Feb 2, 2020affected < 2.42.7-4.el8fixed 2.42.7-4.el8
In xml.rs in GNOME librsvg before 2.46.2, a crafted SVG file with nested patterns can cause denial of service when passed to the library for processing. The attacker constructs pattern elements so that the number of final rendered objects grows exponentially.