FreeBSD : CairoSVG -- Regular Expression Denial of Service vulnerability (a3cef1e6-51d8-11eb-9b8d-08002728f74c)

high Nessus Plugin ID 144826

Synopsis

The remote FreeBSD host is missing one or more security-related updates.

Description

CairoSVG security advisories :

When processing SVG files, the python package CairoSVG uses two regular expressions which are vulnerable to Regular Expression Denial of Service (REDoS).

If an attacker provides a malicious SVG, it can make cairosvg get stuck processing the file for a very long time.

Solution

Update the affected packages.

See Also

http://www.nessus.org/u?78bc8eea

http://www.nessus.org/u?04f8dcce

Plugin Details

Severity: High

ID: 144826

File Name: freebsd_pkg_a3cef1e651d811eb9b8d08002728f74c.nasl

Version: 1.1

Type: local

Published: 1/11/2021

Updated: 1/11/2021

Supported Sensors: Nessus

Vulnerability Information

CPE: p-cpe:/a:freebsd:freebsd:py36-cairosvg, p-cpe:/a:freebsd:freebsd:py37-cairosvg, cpe:/o:freebsd:freebsd, p-cpe:/a:freebsd:freebsd:py38-cairosvg, p-cpe:/a:freebsd:freebsd:py39-cairosvg

Required KB Items: Host/local_checks_enabled, Host/FreeBSD/release, Host/FreeBSD/pkg_info

Patch Publication Date: 1/10/2021

Vulnerability Publication Date: 12/30/2020