CVSS2
Attack Vector : NETWORK
Attack Complexity : MEDIUM
Authentication : NONE
Confidentiality Impact : NONE
Integrity Impact : NONE
Availability Impact : PARTIAL
AV:N/AC:M/Au:N/C:N/I:N/A:P
CVSS3
Attack Vector : NETWORK
Attack Complexity : LOW
Privileges Required : LOW
User Interaction : REQUIRED
Scope : UNCHANGED
Confidentiality Impact : NONE
Integrity Impact : NONE
Availability Impact : HIGH
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:H
EPSS
Percentile : 48.7%
Severity: Low
Date : 2021-01-12
CVE-ID : CVE-2021-21236
Package : python-cairosvg
Type : denial of service
Remote : No
Link : https://security.archlinux.org/AVG-1412
The package python-cairosvg before version 2.5.1-1 is vulnerable to
denial of service.
Upgrade to 2.5.1-1.
The problem has been fixed upstream in version 2.5.1.
Workaround : None.
In python-cairosvg before version 2.5.1, there is a regular expression
denial of service (REDoS) vulnerability. When processing SVG files, the
python package CairoSVG uses two regular expressions which are
vulnerable to regular expression denial of service (REDoS). If an
attacker provides a malicious SVG, it can make python-cairosvg get
stuck processing the file for a very long time. This is fixed in
version 2.5.1.
A malicious user could craft an SVG that takes a very long time to
process, resulting in a denial of service.
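For services that convert untrusted SVGs, a hard wall-clock limit on the parsing step bounds the impact of this class of bug independently of the upgrade. The following is an added example, not code from CairoSVG or from this advisory; the worker regex, the sample inputs and the name run_with_deadline are constructed for illustration.

```python
import subprocess
import sys

# Constructed stand-in for a backtracking-prone parsing step. This is NOT one of
# CairoSVG's regular expressions (the advisory does not reproduce them): the
# nested quantifier in (\d+\s*)+ lets a run of digits be split in exponentially
# many ways when the overall match fails.
WORKER = r"""
import re, sys
data = sys.stdin.read()
print(bool(re.match(r'^(\d+\s*)+$', data)))
"""


def run_with_deadline(data, seconds, worker=WORKER):
    """Run `worker` in a child interpreter, feeding `data` on stdin.

    Returns (status, output) where status is 'ok', 'timeout' or 'error'.
    subprocess.run() kills the child when the timeout expires, so a stuck
    regex match cannot pin a CPU or block the calling service.
    """
    try:
        proc = subprocess.run(
            [sys.executable, "-c", worker],
            input=data, capture_output=True, text=True, timeout=seconds,
        )
    except subprocess.TimeoutExpired:
        return "timeout", ""
    if proc.returncode != 0:
        return "error", proc.stderr.strip()
    return "ok", proc.stdout.strip()


if __name__ == "__main__":
    benign = "10 20 30"          # constructed, well-formed input
    hostile = "1" * 40 + "x"     # constructed near-miss that triggers backtracking
    print(run_with_deadline(benign, 10))   # completes normally
    print(run_with_deadline(hostile, 1))   # child is killed at the deadline
```

In a real deployment the worker would perform the SVG conversion itself, and a "timeout" result would be treated as a rejected upload and logged.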
https://github.com/Kozea/CairoSVG/security/advisories/GHSA-hq37-853p-g5cf
https://github.com/Kozea/CairoSVG/commit/063185b60588a41d4df661ad70f9f7b699901abc
https://security.archlinux.org/CVE-2021-21236
OS | OS Version | Architecture | Package | Package Version | Filename |
---|---|---|---|---|---|
ArchLinux | any | any | python-cairosvg | < 2.5.1-1 | UNKNOWN |