{"id":"MGASA-2020-0159","summary":"Updated librsvg packages fix security vulnerability","details":"The updated packages fix a security vulnerability:\n\nIn xml.rs in GNOME librsvg before 2.46.2, a crafted SVG file with nested\npatterns can cause denial of service when passed to the library for\nprocessing. The attacker constructs pattern elements so that the number\nof final rendered objects grows exponentially. (CVE-2019-20446)\n","modified":"2026-04-16T00:09:36.128428452Z","published":"2020-04-05T17:07:15Z","upstream":["CVE-2019-20446"],"references":[{"type":"ADVISORY","url":"https://advisories.mageia.org/MGASA-2020-0159.html"},{"type":"REPORT","url":"https://bugs.mageia.org/show_bug.cgi?id=26313"},{"type":"WEB","url":"http://lists.suse.com/pipermail/sle-security-updates/2020-March/006583.html"},{"type":"WEB","url":"https://lists.opensuse.org/opensuse-updates/2020-03/msg00080.html"}],"affected":[{"package":{"name":"librsvg","ecosystem":"Mageia:7","purl":"pkg:rpm/mageia/librsvg?arch=source&distro=mageia-7"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"2.45.5-3.1.mga7"}]}],"ecosystem_specific":{"section":"core"},"database_specific":{"source":"https://advisories.mageia.org/MGASA-2020-0159.json"}}],"schema_version":"1.7.5","credits":[{"name":"Mageia","contact":["https://wiki.mageia.org/en/Packages_Security_Team"],"type":"COORDINATOR"}]}