VYPR

rpm package

suse/librsvg&distro=SUSE Linux Enterprise Module for Package Hub 15 SP2

pkg:rpm/suse/librsvg&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Package%20Hub%2015%20SP2

Vulnerabilities (2)

  • CVE-2019-20446Feb 2, 2020
    affected < 2.42.8-3.3.1fixed 2.42.8-3.3.1

    In xml.rs in GNOME librsvg before 2.46.2, a crafted SVG file with nested patterns can cause denial of service when passed to the library for processing. The attacker constructs pattern elements so that the number of final rendered objects grows exponentially.

  • CVE-2018-20991Aug 26, 2019
    affected < 2.42.9-3.6.1fixed 2.42.9-3.6.1

    An issue was discovered in the smallvec crate before 0.6.3 for Rust. The Iterator implementation mishandles destructors, leading to a double free.