Advisories » MGASA-2026-0104

Updated python-cairosvg packages fix security vulnerability

Publication date: 18 Apr 2026
Modification date: 18 Apr 2026
Type: security
Affected Mageia releases : 9
CVE: CVE-2026-31899

Description

CairoSVG vulnerable to Exponential DoS via recursive <use> element
amplification. (CVE-2026-31899)
                

References

• https://bugs.mageia.org/show_bug.cgi?id=35370
• https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/IBVXQHEZ24JPDMWUPRKDEZTECZLM3HVS/
• https://github.com/Kozea/CairoSVG/security/advisories/GHSA-f38f-5xpm-9r7c
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-31899

SRPMS

9/core

• python-cairosvg-2.5.2-6.1.mga9