Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
Regular Expression Denial of Service in CairoSVG
Vulnerability Description
CairoSVG is a Python (pypi) package. CairoSVG is an SVG converter based on Cairo. In CairoSVG before version 2.5.1, there is a regular expression denial of service (REDoS) vulnerability. When processing SVG files, the python package CairoSVG uses two regular expressions which are vulnerable to Regular Expression Denial of Service (REDoS). If an attacker provides a malicious SVG, it can make cairosvg get stuck processing the file for a very long time. This is fixed in version 2.5.1. See Referenced GitHub advisory for more information.
CVSS Information
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:H
Vulnerability Type
未加控制的资源消耗(资源穷尽)
Vulnerability Title
Kozea CairoSVG 资源管理错误漏洞
Vulnerability Description
Kozea CairoSVG是Kozea社区的一个基于Python可将SVG文件转换为为PDF,EPS,PS和PNG文件的软件。 CairoSVG 2.5.1之前版本存在资源管理错误漏洞,攻击者可利用该漏洞提供恶意的SVG,导致程序很长一段时间内无法处理该文件。
CVSS Information
N/A
Vulnerability Type
N/A