vulnerability
Arch Linux: Denial of service (CVE-2021-21236)
| Severity | CVSS | Published | Added | Modified |
|---|---|---|---|---|
| 4 | (AV:N/AC:M/Au:N/C:N/I:N/A:P) | Jan 6, 2021 | Jul 11, 2025 | Nov 27, 2025 |
Severity
4
CVSS
(AV:N/AC:M/Au:N/C:N/I:N/A:P)
Published
Jan 6, 2021
Added
Jul 11, 2025
Modified
Nov 27, 2025
Description
In python-cairosvg before version 2.5.1, there is a regular expression denial of service (REDoS) vulnerability. When processing SVG files, the python package CairoSVG uses two regular expressions which are vulnerable to regular expression denial of service (REDoS). If an attacker provides a malicious SVG, it can make python-cairosvg get stuck processing the file for a very long time. This is fixed in version 2.5.1.
Solution
arch-linux-upgrade-latest
References
- CVE-2021-21236
- https://attackerkb.com/topics/CVE-2021-21236
- URL-https://github.com/Kozea/CairoSVG/commit/cfc9175e590531d90384aa88845052de53d94bf3
- URL-https://github.com/Kozea/CairoSVG/releases/tag/2.5.1
- URL-https://github.com/Kozea/CairoSVG/security/advisories/GHSA-hq37-853p-g5cf
- URL-https://pypi.org/project/CairoSVG/
- URL-https://security.archlinux.org/ASA-202101-12
- CWE-400
NEW
Explore Exposure Command
Confidently identify and prioritize exposures from endpoint to cloud with full attack surface visibility and threat-aware risk context.