CVE-2021-21236

See a problem?
Please try reporting it to the source first.

Source

https://nvd.nist.gov/vuln/detail/CVE-2021-21236

Import Source

https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2021-21236.json

JSON Data

https://api.osv.dev/v1/vulns/CVE-2021-21236

Aliases

Related

Published

2021-01-06T17:15:23Z

Modified

2025-01-15T01:46:58.989649Z

Severity

5.5 (Medium) CVSS_V3 - CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H CVSS Calculator

Summary

[none]

Details

CairoSVG is a Python (pypi) package. CairoSVG is an SVG converter based on Cairo. In CairoSVG before version 2.5.1, there is a regular expression denial of service (REDoS) vulnerability. When processing SVG files, the python package CairoSVG uses two regular expressions which are vulnerable to Regular Expression Denial of Service (REDoS). If an attacker provides a malicious SVG, it can make cairosvg get stuck processing the file for a very long time. This is fixed in version 2.5.1. See Referenced GitHub advisory for more information.

References

Affected packages

Debian:11 / cairosvg

Package

Name: cairosvg
Purl: pkg:deb/debian/cairosvg?arch=source

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

2.5.0-1.1

Ecosystem specific

{
    "urgency": "not yet assigned"
}

Debian:12 / cairosvg

Package

Name: cairosvg
Purl: pkg:deb/debian/cairosvg?arch=source

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

2.5.0-1.1

Ecosystem specific

{
    "urgency": "not yet assigned"
}

Debian:13 / cairosvg

Package

Name: cairosvg
Purl: pkg:deb/debian/cairosvg?arch=source

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

2.5.0-1.1

Ecosystem specific

{
    "urgency": "not yet assigned"
}

Git / github.com/kozea/cairosvg

Affected ranges

Type: GIT
Repo: https://github.com/kozea/cairosvg
Events: Introduced

0 Unknown introduced commit / All previous commits are affected

Fixed

cfc9175e590531d90384aa88845052de53d94bf3

Fixed

cfc9175e590531d90384aa88845052de53d94bf3

Affected versions

0.*

0.1

0.1.1

0.1.2

0.2

0.3

0.3.1

0.4

0.4.1

0.4.2

0.4.3

0.4.4

0.5

1.*

1.0

1.0.1

1.0.10

1.0.11

1.0.12

1.0.13

1.0.14

1.0.15

1.0.16

1.0.17

1.0.18

1.0.19

1.0.2

1.0.20

1.0.3

1.0.4

1.0.5

1.0.6

1.0.7

1.0.8

1.0.9

2.*

2.0.0

2.0.0-rc6

2.0.0rc1

2.0.0rc2

2.0.0rc3

2.0.0rc4

2.0.0rc5

2.0.0rc6

2.0.1

2.0.2

2.0.3

2.1.0

2.1.1

2.1.2

2.1.3

2.2.0

2.2.1

2.3.0

2.3.1

2.4.0

2.4.1

2.4.2

2.5.0