CLSA-2026-1769621572 python2: Fix of CVE-2025-12084

CVE-2025-12084: fix quadratic algorithm when building nested elements with xml.dom.minidom appendChild method...

Security update for exiv2-0_26

This update for exiv2-026 fixes the following issues: Add reference for previously fixed issue: CVE-2025-55304: Fixed quadratic performance algorithm in the ICC profile parsing code of JpegBase::readMetadata bsc1248963. Patch Instructions: To install this SUSE update use the SUSE recommended...

SUSE CVE-2025-12084

When building nested elements using xml.dom.minidom methods such as appendChild that have a dependency on clearidcache the algorithm is quadratic. Availability can be impacted when building excessively nested documents...

CLSA-2025-1760106873 exiv2: Fix of CVE-2025-55304

CVE-2025-55304: add new method appendIccProfile to fix quadratic performance issue...

Exiv2 has quadratic performance in ICC profile parsing in JpegBase::readMetadata

Impact A denial-of-service was found in Exiv2 version v0.28.5: a quadratic algorithm in the ICC profile parsing code in jpegBase::readMetadata can cause Exiv2 to run for a long time. Exiv2 is a command-line utility and C++ library for reading, writing, deleting, and modifying the metadata of imag...

SUSE-SU-2024:4137-1 Security update for python-tornado6

This update for python-tornado6 fixes the following issues: - CVE-2024-52804: Fixed a denial of service caused by quadratic performance of cookie parsing bsc1233668...

Regular Expression Denial of Service (ReDoS)

Overview tornado is a Python web framework and asynchronous networking library, originally developed at FriendFeed. Affected versions of this package are vulnerable to Regular Expression Denial of Service ReDoS due to inefficient cookie parsing that results in quadratic performance. An attacker...