40 matches found

OSV
added 2026/06/02 10:57 p.m. | 3 views

SUSE-SU-2026:22024-1 Security update for python-CairoSVG

This update for python-CairoSVG fixes the following issue: - CVE-2026-31899: denial of service via recursive element amplification bsc1259690...

7.5 CVSS | 5.4 AI score | 0.00039 EPSS
Exploits 2 | References 3

Tenable Nessus
added 2025/08/30 12:00 a.m. | 3 views

Linux Distros Unpatched Vulnerability : CVE-2021-21236

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - CairoSVG is a Python pypi package. CairoSVG is an SVG converter based on Cairo. In CairoSVG before version 2.5.1, there is a regular expression denial of servic...

5.7 CVSS | 6.6 AI score | 0.00138 EPSS
Exploits 1 | References 2

OSV
added 2024/06/15 12:00 a.m. | 5 views

OPENSUSE-SU-2024:13218-1 python310-CairoSVG-2.7.1-1.1 on GA media

These are all security issues fixed in the python310-CairoSVG-2.7.1-1.1 package on the GA media of openSUSE Tumbleweed...

9.9 CVSS | 7.6 AI score | 0.00138 EPSS
Exploits 1 | References 2

Mageia
added 2023/04/06 9:20 p.m. | 65 views

Updated python-cairosvg packages fix security vulnerability

CairoSVG is an SVG converter based on Cairo, a 2D graphics library. Prior to version 2.7.0, Cairo can send requests to external hosts when processing SVG files. A malicious actor could send a specially crafted SVG file that allows them to perform a server-side request forgery or denial of service...

9.9 CVSS | 6.8 AI score | 0.00086 EPSS
Exploits 0 | References 3

Tenable Nessus
added 2023/04/06 12:00 a.m. | 22 views

Debian DSA-5382-1 : cairosvg - security update

The remote Debian 11 host has packages installed that are affected by a vulnerability as referenced in the dsa-5382 advisory. It was reported that cairosvg, a SVG converter based on Cairo, can send requests to external hosts when processing specially crafted SVG files with external file resource...

9.9 CVSS | 7.3 AI score | 0.00086 EPSS
Exploits 0 | References 6

OpenVAS
added 2023/04/06 12:00 a.m. | 18 views

Debian: Security Advisory (DSA-5382-1)

The remote host is missing an update for the Debian...

9.9 CVSS | 6.9 AI score | 0.00086 EPSS
Exploits 0 | References 4

Debian
added 2023/04/05 8:17 p.m. | 28 views

[SECURITY] [DSA 5382-1] cairosvg security update

Debian Security Advisory DSA-5382-1 | https://www.debian.org/security/ | Salvatore Bonaccorso | April 05, 2023 | https://www.debian.org/security/faq ...

9.9 CVSS | 8.3 AI score | 0.00086 EPSS
Exploits 0

OSV
added 2023/04/05 12:00 a.m. | 24 views

DSA-5382-1 cairosvg - security update

Bulletin has no description...

9.9 CVSS | 8 AI score | 0.00086 EPSS
Exploits 0

Fedora
added 2023/03/30 1:16 a.m. | 21 views

[SECURITY] Fedora 36 Update: python-cairosvg-2.7.0-1.fc36

CairoSVG is a SVG 1.1 to PNG, PDF, PS and SVG converter which can also be used as a Python library...

9.9 CVSS | 8.2 AI score | 0.00086 EPSS
Exploits 0

Fedora
added 2023/03/30 12:22 a.m. | 28 views

[SECURITY] Fedora 38 Update: python-cairosvg-2.7.0-1.fc38

CairoSVG is a SVG 1.1 to PNG, PDF, PS and SVG converter which can also be used as a Python library...

9.9 CVSS | 8.2 AI score | 0.00086 EPSS
Exploits 0

Fedora
added 2023/03/23 1:34 a.m. | 28 views

[SECURITY] Fedora 37 Update: python-cairosvg-2.7.0-1.fc37

CairoSVG is a SVG 1.1 to PNG, PDF, PS and SVG converter which can also be used as a Python library...

9.9 CVSS | 8.2 AI score | 0.00086 EPSS
Exploits 0

OSV
added 2023/03/20 9:27 p.m. | 50 views

GHSA-RWMF-W63J-P7GV CairoSVG improperly processes SVG files loaded from external resources

SSRF vulnerability. Summary: When CairoSVG processes an SVG file, it can make requests to the inner host and different outside hosts. Operating system, version and so on: Linux, Debian Buster LTS core 5.10 / Parrot OS 5.1 Electro Ara, python 3.9. Tested CairoSVG version 2.6.0. Details: A specially...

9.9 CVSS | 7.8 AI score | 0.00086 EPSS
Exploits 0 | References 7

GitHub Security Blog
added 2023/03/20 9:27 p.m. | 52 views

CairoSVG improperly processes SVG files loaded from external resources

SSRF vulnerability. Summary: When CairoSVG processes an SVG file, it can make requests to the inner host and different outside hosts. Operating system, version and so on: Linux, Debian Buster LTS core 5.10 / Parrot OS 5.1 Electro Ara, python 3.9. Tested CairoSVG version 2.6.0. Details: A specially...

9.9 CVSS | 6.6 AI score | 0.00086 EPSS
Exploits 0 | References 7 | Affected Software 1

NVD
added 2023/03/20 4:15 p.m. | 16 views

CVE-2023-27586

CairoSVG is an SVG converter based on Cairo, a 2D graphics library. Prior to version 2.7.0, Cairo can send requests to external hosts when processing SVG files. A malicious actor could send a specially crafted SVG file that allows them to perform a server-side request forgery or denial of service...

9.9 CVSS | 9.4 AI score | 0.00086 EPSS
Exploits 0 | References 4

UbuntuCve
added 2023/03/20 4:15 p.m. | 21 views

CVE-2023-27586

CairoSVG is an SVG converter based on Cairo, a 2D graphics library. Prior to version 2.7.0, Cairo can send requests to external hosts when processing SVG files. A malicious actor could send a specially crafted SVG file that allows them to perform a server-side request forgery or denial of service...

9.9 CVSS | 7.1 AI score | 0.00086 EPSS
Exploits 0 | References 6

Prion
added 2023/03/20 4:15 p.m. | 18 views

Server side request forgery (ssrf)

CairoSVG is an SVG converter based on Cairo, a 2D graphics library. Prior to version 2.7.0, Cairo can send requests to external hosts when processing SVG files. A malicious actor could send a specially crafted SVG file that allows them to perform a server-side request forgery or denial of service...

3.3 CVSS | 6.7 AI score | 0.00086 EPSS
Exploits 0 | References 4 | Affected Software 1

vulnersOsv
added 2023/03/20 4:15 p.m. | 1 view

buildbot-badges (>=1.7.0 <=1.8.2), cico (>=0.1.0 <=0.1.8) +18 more potentially affected by CVE-2023-27586 via cairosvg (>=0.5.0 <=2.6.0)

cairosvg PYPI version =0.5.0, =1.7.0, =0.1.0, =1.0.0b1, =0.0.2, =0.1.0, =0.1.0, =2.11.0, =4.3.0, =0.0.1, =9.0.5, =1.0.0, =0.1.0, =0.2.7 and more Source cves: CVE-2023-27586 Source advisory: OSV:PYSEC-2023-9...

9.9 CVSS | 7.1 AI score | 0.00086 EPSS
Exploits 0

OSV
added 2023/03/20 4:15 p.m. | 27 views

PYSEC-2023-9

CairoSVG is an SVG converter based on Cairo, a 2D graphics library. Prior to version 2.7.0, Cairo can send requests to external hosts when processing SVG files. A malicious actor could send a specially crafted SVG file that allows them to perform a server-side request forgery or denial of service...

9.9 CVSS | 6.8 AI score | 0.00086 EPSS
Exploits 0 | References 4

Cvelist
added 2023/03/20 3:23 p.m. | 23 views

CVE-2023-27586 CairoSVG improperly processes SVG files loaded from external resources

CairoSVG is an SVG converter based on Cairo, a 2D graphics library. Prior to version 2.7.0, Cairo can send requests to external hosts when processing SVG files. A malicious actor could send a specially crafted SVG file that allows them to perform a server-side request forgery or denial of service...

9.9 CVSS | 9.5 AI score | 0.00086 EPSS
Exploits 0 | References 4

CVE
added 2023/03/20 3:23 p.m. | 108 views

CVE-2023-27586

CVE-2023-27586 affects CairoSVG prior to 2.7.0, where Cairo could make requests to external hosts while processing SVGs. The underlying issue is external resource loading, enabling server-side request forgery (SSRF) and potential denial of service. The connected advisories confirm that version 2....

9.9 CVSS | 8.1 AI score | 0.00086 EPSS
Exploits 0 | References 4 | Affected Software 1