36 matches found

Packet Storm
added 2026/05/11 12:0 a.m. | 51 views

CairoSVG Denial of Service

CairoSVG versions prior to 2.9.0 suffer from a recursive denial of service vulnerability. CVE-2026-31899: Exponential DoS via Recursive Element Amplification in CairoSVG Keywords: CVE-2026-31899, CairoSVG, exponential DoS, SVG bomb, recursive use element, denial of service, XML amplification,...

7.5 CVSS | 5.8 AI score | 0.00039 EPSS
Exploits 2

Debian CVE
added 2026/03/13 7:38 p.m. | 1 view

CVE-2026-31899

CairoSVG is an SVG converter based on Cairo, a 2D graphics library. Prior to Kozea/CairoSVG has exponential denial of service via recursive element amplification in cairosvg/defs.py. This causes CPU exhaustion from a small input...

7.5 CVSS | 5.2 AI score | 0.00039 EPSS
Exploits 2

CVE
added 2026/03/13 7:38 p.m. | 15 views

CVE-2026-31899

CVE-2026-31899 affects CairoSVG, an SVG converter based on Cairo. The vulnerability is an exponential denial of service via recursive element amplification in cairosvg/defs.py, causing CPU exhaustion from small inputs. The CVSS v3.1 vector yields a base score of 7.5 (HIGH) with network attack vec...

7.5 CVSS | 5.8 AI score | 0.00039 EPSS
Exploits 2 | References 2 | Affected Software 1

Github Security Blog
added 2026/03/13 6:57 p.m. | 4 views

CairoSVG vulnerable to Exponential DoS via recursive <use> element amplification

Summary Kozea/CairoSVG 300K downloads/week has exponential denial of service via recursive element amplification in cairosvg/defs.py line 335. This causes CPU exhaustion from a small input. Severity High — CVSS 3.1: 7.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H Vulnerable Code File:...

7.5 CVSS | 5.8 AI score | 0.00039 EPSS
Exploits 2 | References 3 | Affected Software 1

OSV
added 2026/03/13 6:57 p.m. | 2 views

GHSA-F38F-5XPM-9R7C CairoSVG vulnerable to Exponential DoS via recursive <use> element amplification

Summary Kozea/CairoSVG 300K downloads/week has exponential denial of service via recursive element amplification in cairosvg/defs.py line 335. This causes CPU exhaustion from a small input. Severity High — CVSS 3.1: 7.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H Vulnerable Code File:...

7.5 CVSS | 5.8 AI score | 0.00039 EPSS
Exploits 2 | References 3

Snyk
added 2026/03/13 6:57 p.m. | 4 views

Allocation of Resources Without Limits or Throttling

Overview Affected versions of this package are vulnerable to Allocation of Resources Without Limits or Throttling through the use function in the SVG recursive processing workflow. An attacker can cause excessive CPU consumption by submitting a specially crafted SVG file with deeply nested...

8.7 CVSS | 5.9 AI score | 0.00039 EPSS
Exploits 2 | References 2

Positive Technologies
added 2026/02/25 12:0 a.m. | 4 views

PT-2026-21986

Name of the Vulnerable Software and Affected Versions Windows versions prior to September 2025 cumulative update for Windows 11 2024 LTSC and Windows Server 2025 Windows 11 23H2 and earlier Description The issue is caused by improper handling of invalid use of special elements within the CLFS.sys...

5.5 CVSS | 5.8 AI score | 0.00057 EPSS
Exploits 2 | References 13

Positive Technologies
added 2026/01/01 12:0 a.m. | 3 views

PT-2026-25365

Name of the Vulnerable Software and Affected Versions CairoSVG versions prior to 2.9.0 Description CairoSVG is an SVG converter based on Cairo, a 2D graphics library. A denial of service can occur due to recursive element amplification within the cairosvg/defs.py file, specifically in the use...

7.5 CVSS | 5.7 AI score | 0.00039 EPSS
Exploits 2 | References 20

EUVD
added 2025/10/07 12:30 a.m. | 1 view

EUVD-2011-0498

Malware in sbrugna...

10 CVSS | 6.1 AI score | 0.01962 EPSS
Exploits 1 | References 9

EUVD
added 2025/10/07 12:30 a.m. | 2 views

EUVD-2011-2340

Malware in sbrugna...

6.8 CVSS | 6 AI score | 0.02007 EPSS
Exploits 1 | References 12

EUVD
added 2025/10/07 12:30 a.m. | 2 views

EUVD-2010-3803

Malware in sbrugna...

9.3 CVSS | 6.1 AI score | 0.06844 EPSS
Exploits 0 | References 13

Tenable Nessus
added 2025/09/10 12:0 a.m. | 2 views

Linux Distros Unpatched Vulnerability : CVE-2010-3824

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Use-after-free vulnerability in WebKit in Apple Safari before 5.0.3 on Mac OS X 10.5 through 10.6 and Windows, and before 4.1.3 on Mac OS X 10.4, allows remote...

9.3 CVSS | 6.2 AI score | 0.06844 EPSS
Exploits 0 | References 2

SUSE CVE
added 2023/02/15 5:59 a.m. | 0 views

SUSE CVE-2010-1404

Use-after-free vulnerability in WebKit in Apple Safari before 5.0 on Mac OS X 10.5 through 10.6 and Windows, and before 4.1 on Mac OS X 10.4, allows remote attackers to execute arbitrary code or cause a denial of service application crash via an SVG document that contains recursive Use elements,...

9.3 CVSS | 7.8 AI score | 0.12007 EPSS
Exploits 0 | References 4

SUSE CVE
added 2023/02/15 5:22 a.m. | 3 views

SUSE CVE-2015-1256

Use-after-free vulnerability in the SVG implementation in Blink, as used in Google Chrome before 43.0.2357.65, allows remote attackers to cause a denial of service or possibly have unspecified other impact via a crafted document that leverages improper handling of a shadow tree for a use element...

7.5 CVSS | 9.4 AI score | 0.02139 EPSS
Exploits 0 | References 3

OSV
added 2020/07/07 11:45 a.m. | 6 views

SUSE-SU-2020:0629-2 Security update for librsvg

This update for librsvg to version 2.42.8 fixes the following issues: librsvg was updated to version 2.42.8 fixing the following issues: - CVE-2019-20446: Fixed an issue where a crafted SVG file with nested patterns can cause denial of service bsc1162501. NOTE: Librsvg now has limits on the numbe...

6.5 CVSS | 6.4 AI score | 0.0133 EPSS
Exploits 0 | References 3

FreeBSD
added 2020/02/26 12:0 a.m. | 38 views

librsvg2 -- multiple vulnerabilities

Librsvg2 developers report: Backport the following fixes from 2.46.x: Librsvg now has limits on the number of loaded XML elements, and the number of referenced elements within an SVG document. This is to mitigate malicious SVGs which try to consume all memory, and those which try to consume an...

6.5 CVSS | 6.9 AI score | 0.0133 EPSS
Exploits 0 | References 1

OpenVAS
added 2012/03/12 12:0 a.m. | 30 views

FreeBSD Ports: chromium

The remote host is missing an update to the system as announced in the referenced advisory. VID 99aef698-66ed-11e1-8288-00262d5ed8ee OpenVAS Vulnerability Test $ Description: Auto generated from VID 99aef698-66ed-11e1-8288-00262d5ed8ee Authors: Thomas Reinke Copyright: Copyright c 2012 E-Soft Inc...

7.5 CVSS | 0.2 AI score | 0.02816 EPSS
Exploits 2

ATTACKERKB
added 2012/03/05 7:55 p.m. | 2 views

CVE-2011-3035

Use-after-free vulnerability in Google Chrome before 17.0.963.65 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors involving SVG use elements...

6.8 CVSS | 5.9 AI score | 0.02363 EPSS
Exploits 1 | References 18

UbuntuCve
added 2012/03/05 7:55 p.m. | 24 views

CVE-2011-3035

Use-after-free vulnerability in Google Chrome before 17.0.963.65 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors involving SVG use elements...

6.8 CVSS | 7.2 AI score | 0.02363 EPSS
Exploits 1 | References 2

Prion
added 2012/03/05 7:55 p.m. | 19 views

Design/Logic Flaw

Use-after-free vulnerability in Google Chrome before 17.0.963.65 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors involving SVG use elements...

6.8 CVSS | 7.5 AI score | 0.02363 EPSS
Exploits 1 | References 17 | Affected Software 5