FreshPorts - VuXML

This page displays vulnerability information about FreeBSD Ports.

The VUXML data was last processed by FreshPorts on 2024-11-23 05:42:14 UTC

List all Vulnerabilities, by package

List all Vulnerabilities, by date

k68

These are the vulnerabilities relating to the commit you have selected:

VuXML ID	Description
b66583ae-5aee-4cd5-bb31-b2d397f8b6b3	librsvg2 -- multiple vulnerabilities Librsvg2 developers reports: Backport the following fixes from 2.46.x: Librsvg now has limits on the number of loaded XML elements, and the number of referenced elements within an SVG document. This is to mitigate malicious SVGs which try to consume all memory, and those which try to consume an exponential amount of CPU time. Fix stack exhaustion with circular references in elements. Fix a denial-of-service condition from exponential explosion of rendered elements, through nested use of SVG elements in malicious SVGs. This is similar to the XML "billion laughs attack" but for SVG instancing. Discovery 2020-02-26 Entry 2020-03-02 librsvg2 < 2.40.21 librsvg2-rust >= 2.41.0 lt 2.46.3 https://mail.gnome.org/archives/ftp-release-list/2020-February/msg00133.html CVE-2019-20446
d6c51737-a84b-11e5-8f5c-002590263bf5	librsvg2 -- denial of service vulnerability Adam Maris, Red Hat Product Security, reports: CVE-2015-7558: Stack exhaustion due to cyclic dependency causing to crash an application was found in librsvg2 while parsing SVG file. It has been fixed in 2.40.12 by many commits that has rewritten the checks for cyclic references. Discovery 2015-10-02 Entry 2015-12-22 librsvg2 < 2.40.12 CVE-2015-7558 ports/205502 http://www.openwall.com/lists/oss-security/2015/12/21/5 https://bugzilla.redhat.com/1268243

VuXML ID

Description

b66583ae-5aee-4cd5-bb31-b2d397f8b6b3

librsvg2 -- multiple vulnerabilities

Librsvg2 developers reports:

Backport the following fixes from 2.46.x:

Librsvg now has limits on the number of loaded XML elements, and the number of referenced elements within an SVG document. This is to mitigate malicious SVGs which try to consume all memory, and those which try to consume an exponential amount of CPU time.

Fix stack exhaustion with circular references in elements.

Fix a denial-of-service condition from exponential explosion of rendered elements, through nested use of SVG elements in malicious SVGs. This is similar to the XML "billion laughs attack" but for SVG instancing.

Discovery 2020-02-26
Entry 2020-03-02
librsvg2

< 2.40.21

librsvg2-rust

>= 2.41.0 lt 2.46.3

https://mail.gnome.org/archives/ftp-release-list/2020-February/msg00133.html
CVE-2019-20446

d6c51737-a84b-11e5-8f5c-002590263bf5

librsvg2 -- denial of service vulnerability

Adam Maris, Red Hat Product Security, reports:

CVE-2015-7558: Stack exhaustion due to cyclic dependency causing to crash an application was found in librsvg2 while parsing SVG file. It has been fixed in 2.40.12 by many commits that has rewritten the checks for cyclic references.

Discovery 2015-10-02
Entry 2015-12-22
librsvg2

< 2.40.12

CVE-2015-7558
ports/205502
http://www.openwall.com/lists/oss-security/2015/12/21/5
https://bugzilla.redhat.com/1268243