rpm package
suse/librsvg&distro=SUSE Linux Enterprise Module for Package Hub 15 SP2
pkg:rpm/suse/librsvg&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Package%20Hub%2015%20SP2
Vulnerabilities (2)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2019-20446 | — | < 2.42.8-3.3.1 | 2.42.8-3.3.1 | Feb 2, 2020 | In xml.rs in GNOME librsvg before 2.46.2, a crafted SVG file with nested patterns can cause denial of service when passed to the library for processing. The attacker constructs pattern elements so that the number of final rendered objects grows exponentially. | ||
| CVE-2018-20991 | — | < 2.42.9-3.6.1 | 2.42.9-3.6.1 | Aug 26, 2019 | An issue was discovered in the smallvec crate before 0.6.3 for Rust. The Iterator implementation mishandles destructors, leading to a double free. |
- CVE-2019-20446Feb 2, 2020affected < 2.42.8-3.3.1fixed 2.42.8-3.3.1
In xml.rs in GNOME librsvg before 2.46.2, a crafted SVG file with nested patterns can cause denial of service when passed to the library for processing. The attacker constructs pattern elements so that the number of final rendered objects grows exponentially.
- CVE-2018-20991Aug 26, 2019affected < 2.42.9-3.6.1fixed 2.42.9-3.6.1
An issue was discovered in the smallvec crate before 0.6.3 for Rust. The Iterator implementation mishandles destructors, leading to a double free.