177 matches found
JLSEC-2026-512
A directory traversal problem in the URL decoder of librsvg before 2.56.3 could be used by local or remote attackers to disclose files on the local filesystem outside of the expected area, as demonstrated by href=".?../../../../../../../../../../etc/passwd" in an xi:include element...
SUSE SLED15 / SLES15 Security Update : librsvg (SUSE-SU-2026:1750-1)
The remote SUSE Linux SLED15 / SLEDSAP15 / SLES15 / SLESSAP15 host has packages installed that are affected by a vulnerability as referenced in the SUSE-SU-2026:1750-1 advisory. This update for librsvg fixes the following issue: - CVE-2026-25727: time: parsing of user-provided input by the RFC 28...
Security update for librsvg
This update for librsvg fixes the following issue: CVE-2026-25727: time: parsing of user-provided input by the RFC 2822 date parser can lead to stack exhaustion bsc1257922. Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST onlineupdate or...
Astra Linux - уязвимость в librsvg
A directory traversal vulnerability exists in the URL decoder of librsvg before version 2.56.3. This vulnerability could be exploited by local or remote attackers to access files located in the local filesystem, outside of the expected area. This was demonstrated with the URL...
CVE-2018-25305
librsvg2-bin 2.40.13 contains a buffer overflow vulnerability that allows local attackers to cause a denial of service by processing malformed SVG files. Attackers can supply crafted SVG input to the rsvg conversion tool to trigger a segmentation fault in the cairo image compositor...
CVE-2018-25305
librsvg2-bin 2.40.13 contains a buffer overflow vulnerability that allows local attackers to cause a denial of service by processing malformed SVG files. Attackers can supply crafted SVG input to the rsvg conversion tool to trigger a segmentation fault in the cairo image compositor...
SUSE SLES15 Security Update : librsvg (SUSE-SU-2026:1599-1)
The remote SUSE Linux SLES15 / SLESSAP15 host has packages installed that are affected by a vulnerability as referenced in the SUSE-SU-2026:1599-1 advisory. This update for librsvg fixes the following issue: - CVE-2026-25727: time: parsing of user-provided input by the RFC 2822 date parser can le...
Security update for librsvg
This update for librsvg fixes the following issue: CVE-2026-25727: time: parsing of user-provided input by the RFC 2822 date parser can lead to stack exhaustion bsc1257922. Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST onlineupdate or...
SUSE-SU-2026:1599-1 Security update for librsvg
This update for librsvg fixes the following issue: - CVE-2026-25727: time: parsing of user-provided input by the RFC 2822 date parser can lead to stack exhaustion bsc1257922...
openSUSE 16 Security Update : librsvg (openSUSE-SU-2026:20610-1)
The remote openSUSE 16 host has packages installed that are affected by a vulnerability as referenced in the openSUSE- SU-2026:20610-1 advisory. This update for librsvg fixes the following issue: - CVE-2026-25727: time: parsing of user-provided input by the RFC 2822 date parser can lead to stack...
SUSE-SU-2026:21275-1 Security update for librsvg
This update for librsvg fixes the following issue: - CVE-2026-25727: time: parsing of user-provided input by the RFC 2822 date parser can lead to stack exhaustion bsc1257922...
SUSE-SU-2026:21377-1 Security update for librsvg
This update for librsvg fixes the following issue: - CVE-2026-25727: time: parsing of user-provided input by the RFC 2822 date parser can lead to stack exhaustion bsc1257922...
OPENSUSE-SU-2026:20610-1 Security update for librsvg
This update for librsvg fixes the following issue: - CVE-2026-25727: time: parsing of user-provided input by the RFC 2822 date parser can lead to stack exhaustion bsc1257922...
SUSE-SU-2026:20932-1 Security update for ffmpeg-7
This update for ffmpeg-7 fixes the following issues: - Updated to version 7.1.2: avcodec/librsvgdec: fix compilation with librsvg 2.50.3 libavfilter/affirequalizer: Add check for avmallocarray avcodec/libsvtav1: unbreak build with latest svtav1 avformat/hls: Fix Youtube AAC Various bugfixes...
OPENSUSE-SU-2026:20396-1 Security update for librsvg
This update for librsvg fixes the following issues: Update to version 2.60.2: - CVE-2024-12224: Fixed idna accepts Punycode labels that do not produce any non-ASCII when decoded bsc1243867. - CVE-2024-43806: Fixed memory explosion in rustix bsc1229950...
SUSE-SU-2026:20755-1 Security update for librsvg
This update for librsvg fixes the following issues: Update to version 2.60.2: - CVE-2024-12224: Fixed idna accepts Punycode labels that do not produce any non-ASCII when decoded bsc1243867. - CVE-2024-43806: Fixed memory explosion in rustix bsc1229950...
SUSE-SU-2026:20910-1 Security update for librsvg
This update for librsvg fixes the following issues: Update to version 2.60.2: - CVE-2024-12224: Fixed idna accepts Punycode labels that do not produce any non-ASCII when decoded bsc1243867. - CVE-2024-43806: Fixed memory explosion in rustix bsc1229950...
AZL-77030 CVE-2026-25727 affecting package librsvg2 2.58.1-5
time provides date and time handling in Rust. From 0.3.6 to before 0.3.47, when user-provided input is provided to any type that parses with the RFC 2822 format, a denial of service attack via stack exhaustion is possible. The attack relies on formally deprecated and rarely-used features that are...
openSUSE Security Advisory (SUSE-SU-2026:0243-1)
The remote host is missing an update for the SPDX-FileCopyrightText: 2026 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
SUSE SLED15 / SLES15 / openSUSE 15 Security Update : librsvg (SUSE-SU-2026:0243-1)
The remote SUSE Linux SLED15 / SLEDSAP15 / SLES15 / SLESSAP15 / openSUSE 15 host has packages installed that are affected by a vulnerability as referenced in the SUSE-SU-2026:0243-1 advisory. Update to version 2.57.4 - bsc1243867: - CVE-2024-12224: RUSTSEC-2024-0421 - idna accepts Punycode labels...