FreshPorts - VuXML

This page displays vulnerability information about FreeBSD Ports.

The last vuln.xml file processed by FreshPorts is:

nothing found there

List all Vulnerabilities, by package

List all Vulnerabilities, by date

These are the vulnerabilities relating to the commit you have selected:

VuXML IDDescription
b66583ae-5aee-4cd5-bb31-b2d397f8b6b3librsvg2 -- multiple vulnabilities

Librsvg2 developers reports:

Backport the following fixes from 2.46.x:

Librsvg now has limits on the number of loaded XML elements, and the number of referenced elements within an SVG document. This is to mitigate malicious SVGs which try to consume all memory, and those which try to consume an exponential amount of CPU time.

Fix stack exhaustion with circular references in elements.

Fix a denial-of-service condition from exponential explosion of rendered elements, through nested use of SVG elements in malicious SVGs. This is similar to the XML "billion laughs attack" but for SVG instancing.


Discovery 2020-02-26
Entry 2020-03-02
librsvg2
lt 2.40.21

librsvg2-rust
ge 2.41.0 lt 2.46.3

https://mail.gnome.org/archives/ftp-release-list/2020-February/msg00133.html
CVE-2019-20446