MiracleLinux 9 : librsvg2-2.50.7-1.el9.1 (AXSA:2023-6396:01)
The remote MiracleLinux 9 host has packages installed that are affected by a vulnerability as referenced in the AXSA:2023-6396:01 advisory. librsvg: Arbitrary file read when xinclude href has special characters (CVE-2023-38633). Tenable has extracted the preceding description block directly from the...
EulerOS 2.0 SP10 : librsvg2 (EulerOS-SA-2026-1051)
According to the versions of the librsvg2 packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : A directory traversal problem in the URL decoder of librsvg before 2.56.3 could be used by local or remote attackers to disclose files on the...
TencentOS Server 4: librsvg2 (TSSA-2025:0073)
The version of Tencent Linux installed on the remote TencentOS Server 4 host is prior to the tested version. It is, therefore, affected by a vulnerability as referenced in the TSSA-2025:0073 advisory. Package updates are available for TencentOS Server 4 that fix the following vulnerabilities:...
Security Bulletin: IBM Security Guardium is affected by multiple OS level vulnerabilities
Summary: IBM Security Guardium has fixed this vulnerability. Vulnerability Details: CVEID: CVE-2022-1941. DESCRIPTION: protobuf is vulnerable to a denial of service, caused by a parsing vulnerability for the MessageSet type in the ProtocolBuffers. By sending a specially crafted message with multiple...
Linux Distros Unpatched Vulnerability : CVE-2023-38633
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - A directory traversal problem in the URL decoder of librsvg before 2.56.3 could be used by local or remote attackers to disclose files on the local filesystem...
RHEL 7 : librsvg (Unpatched Vulnerability)
The remote Red Hat Enterprise Linux 7 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched. - librsvg: SIGFPE is raised in boxblurline function of rsvg-filter.c (CVE-2017-11464) - A directory traversal...
AlmaLinux 9 : librsvg2 (ALSA-2023:5081)
The remote AlmaLinux 9 host has packages installed that are affected by a vulnerability as referenced in the ALSA-2023:5081 advisory. - A directory traversal problem in the URL decoder of librsvg before 2.56.3 could be used by local or remote attackers to disclose files on the local filesystem...
librsvg2 security update
2.50.7-1.el92.1 - Fix CVE-2023-38633 2224947...
ALSA-2023:5081 Moderate: librsvg2 security update
The librsvg2 packages provide a Scalable Vector Graphics (SVG) library based on the libart library. Security Fixes: librsvg: Arbitrary file read when xinclude href has special characters (CVE-2023-38633). For more details about the security issues, including the impact, a CVSS score, acknowledgments,...
Moderate: librsvg2 security update
The librsvg2 packages provide a Scalable Vector Graphics (SVG) library based on the libart library. Security Fixes: librsvg: Arbitrary file read when xinclude href has special characters (CVE-2023-38633). For more details about the security issues, including the impact, a CVSS score, acknowledgments,...
Updated librsvg packages fix security vulnerability
A directory traversal problem in the URL decoder of librsvg before 2.56.3 could be used by local or remote attackers to disclose files on the local filesystem outside of the expected area, as demonstrated by href=".?../../../../../../../../../../etc/passwd" in an xi:include element. CVE-2023-3863...
MGASA-2023-0259 Updated librsvg packages fix security vulnerability
A directory traversal problem in the URL decoder of librsvg before 2.56.3 could be used by local or remote attackers to disclose files on the local filesystem outside of the expected area, as demonstrated by href=".?../../../../../../../../../../etc/passwd" in an xi:include element. CVE-2023-3863...
OESA-2023-1582 librsvg2 security update
An SVG library based on cairo. Security Fixes: A directory traversal problem in the URL decoder of librsvg before 2.56.3 could be used by local or remote attackers to disclose files on the local filesystem outside of the expected area, as demonstrated by...
Moderate: Red Hat Security Advisory: librsvg2 security update
An update for librsvg2 is now available for Red Hat Enterprise Linux 9.0 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for...
RHEL 9 : librsvg2 (RHSA-2023:4809)
The remote Red Hat Enterprise Linux 9 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2023:4809 advisory. The librsvg2 packages provide a Scalable Vector Graphics (SVG) library based on the libart library. Security Fixes: librsvg: Arbitrary file read when...
Important: librsvg2
Issue Overview: A directory traversal problem in the URL decoder of librsvg before 2.56.3 could be used by local or remote attackers to disclose files on the local filesystem outside of the expected area, as demonstrated by href=".?../../../../../../../../../../etc/passwd" in an xi:include elemen...
Amazon Linux 2023 : librsvg2, librsvg2-devel, librsvg2-tools (ALAS2023-2023-295)
It is, therefore, affected by a vulnerability as referenced in the ALAS2023-2023-295 advisory. A directory traversal problem in the URL decoder of librsvg before 2.56.3 could be used by local or remote attackers to disclose files on the local filesystem outside of the expected area, as demonstrat...
Fedora 37 : librsvg2 (2023-0873c38acd)
The remote Fedora 37 host has a package installed that is affected by a vulnerability as referenced in the FEDORA-2023-0873c38acd advisory. librsvg 2.54.6 release, fixing CVE-2023-38633: - Fix arbitrary file read when href has special characters. Tenable has extracted the preceding description...
USN-6266-1: librsvg vulnerability | Cloud Foundry
Severity: Medium. Vendor: Canonical Ubuntu. Versions Affected: Canonical Ubuntu 22.04. Description: Zac Sims discovered that librsvg incorrectly handled decoding URLs. A remote attacker could possibly use this issue to read arbitrary files by using an include element. Update Instructions: Run sudo pro f...
SUSE SLES15 / openSUSE 15 Security Update : librsvg (SUSE-SU-2023:3208-1)
The remote SUSE Linux SLES15 / SLESSAP15 / openSUSE 15 host has packages installed that are affected by a vulnerability as referenced in the SUSE-SU-2023:3208-1 advisory. - A directory traversal problem in the URL decoder of librsvg before 2.56.3 could be used by local or remote attackers to...