VYPR

rpm package

suse/librsvg&distro=SUSE Linux Enterprise Micro 5.3

pkg:rpm/suse/librsvg&distro=SUSE%20Linux%20Enterprise%20Micro%205.3

Vulnerabilities (4)

  • CVE-2026-25727 · Feb 6, 2026
    affected < 2.52.12-150400.3.12.1 · fixed 2.52.12-150400.3.12.1

    time provides date and time handling in Rust. From 0.3.6 to before 0.3.47, when user-provided input is provided to any type that parses with the RFC 2822 format, a denial of service attack via stack exhaustion is possible. The attack relies on formally deprecated and rarely-used

  • CVE-2024-12224 · May 30, 2025
    affected < 2.52.12-150400.3.9.1 · fixed 2.52.12-150400.3.9.1

    Improper Validation of Unsafe Equivalence in punycode by the idna crate from Servo rust-url allows an attacker to create a punycode hostname that one part of a system might treat as distinct while another part of that system would treat as equivalent to another hostname.

  • CVE-2024-43806 · Med · Aug 26, 2024
    affected < 2.52.12-150400.3.9.1 · fixed 2.52.12-150400.3.9.1

    Rustix is a set of safe Rust bindings to POSIX-ish APIs. When using `rustix::fs::Dir` using the `linux_raw` backend, it's possible for the iterator to "get stuck" when an IO error is encountered. Combined with a memory over-allocation issue in `rustix::fs::Dir::read_more`, this c

  • CVE-2023-38633 · Jul 22, 2023
    affected < 2.52.10-150400.3.6.1 · fixed 2.52.10-150400.3.6.1

    A directory traversal problem in the URL decoder of librsvg before 2.56.3 could be used by local or remote attackers to disclose files (on the local filesystem outside of the expected area), as demonstrated by href=".?../../../../../../../../../../etc/passwd" in an xi:include ele