vulnerability
FreeBSD: VID-b66583ae-5aee-4cd5-bb31-b2d397f8b6b3 (CVE-2019-20446): librsvg2 -- multiple vulnerabilities
| Severity | CVSS | Published | Added | Modified |
|---|---|---|---|---|
| 4 | (AV:N/AC:M/Au:N/C:N/I:N/A:P) | Mar 2, 2020 | Mar 3, 2020 | Dec 10, 2025 |
Severity
4
CVSS
(AV:N/AC:M/Au:N/C:N/I:N/A:P)
Published
Mar 2, 2020
Added
Mar 3, 2020
Modified
Dec 10, 2025
Description
Librsvg2 developers reports: Backport the following fixes from 2.46.x: Librsvg now has limits on the number of loaded XML elements, and the number of referenced elements within an SVG document. This is to mitigate malicious SVGs which try to consume all memory, and those which try to consume an exponential amount of CPU time. Fix stack exhaustion with circular references in <use> elements. Fix a denial-of-service condition from exponential explosion of rendered elements, through nested use of SVG <use> elements in malicious SVGs. This is similar to the XML "billion laughs attack" but for SVG instancing.
Solutions
freebsd-upgrade-package-librsvg2freebsd-upgrade-package-librsvg2-rust
NEW
Explore Exposure Command
Confidently identify and prioritize exposures from endpoint to cloud with full attack surface visibility and threat-aware risk context.