Advisories » MGASA-2021-0149

Updated python-cairosvg packages fix security vulnerability

Publication date: 21 Mar 2021
Modification date: 21 Mar 2021
Type: security
Affected Mageia releases: 7
CVE: CVE-2021-21236

Description

When processing SVG files, the Python package CairoSVG uses two regular
expressions that are vulnerable to Regular Expression Denial of Service
(ReDoS). An attacker who supplies a malicious SVG can make CairoSVG
get stuck processing the file for a very long time (CVE-2021-21236).

References

SRPMS

7/core