FreshPorts - VuXML

This page displays vulnerability information about FreeBSD Ports.

The VUXML data was last processed by FreshPorts on 2024-12-19 12:13:07 UTC

List all Vulnerabilities, by package

List all Vulnerabilities, by date

k68

These are the vulnerabilities relating to the commit you have selected:

VuXML ID	Description
a3cef1e6-51d8-11eb-9b8d-08002728f74c	CairoSVG -- Regular Expression Denial of Service vulnerability CairoSVG security advisories: When processing SVG files, the python package CairoSVG uses two regular expressions which are vulnerable to Regular Expression Denial of Service (REDoS). If an attacker provides a malicious SVG, it can make cairosvg get stuck processing the file for a very long time. Discovery 2020-12-30 Entry 2021-01-10 py36-cairosvg py37-cairosvg py38-cairosvg py39-cairosvg >= 2.0.0 lt 2.5.1 https://github.com/Kozea/CairoSVG/security/advisories/GHSA-hq37-853p-g5cf

VuXML ID

Description

a3cef1e6-51d8-11eb-9b8d-08002728f74c

CairoSVG -- Regular Expression Denial of Service vulnerability

CairoSVG security advisories:

When processing SVG files, the python package CairoSVG uses two regular expressions which are vulnerable to Regular Expression Denial of Service (REDoS).

If an attacker provides a malicious SVG, it can make cairosvg get stuck processing the file for a very long time.

Discovery 2020-12-30
Entry 2021-01-10
py36-cairosvg
py37-cairosvg
py38-cairosvg
py39-cairosvg

>= 2.0.0 lt 2.5.1

https://github.com/Kozea/CairoSVG/security/advisories/GHSA-hq37-853p-g5cf