EIQ-2021-0004


ID

EIQ-2021-0004

CVE

CVE-2021-21236

Description

CairoSVG is vulnerable to regular expression denial of service

Date

25 Jan 2021

Severity

2 - MEDIUM

CVSSv3 score

5.5

Status

images/s/-u524h5/8501/61630d2d4f75946459caa0b3dbdac9bd6d7a7de4/_/images/icons/emoticons/check.svg 2.10.0

Assessment

CairoSVG is an SVG converter based on Cairo.
CairoSVG versions 2.5.0 and earlier is vulnerable to regular expression denial of service (ReDoS).

Affected versions of the SVG converter may take quadratic time to parse crafted regular expressions such as the ones described in the Regular Expression Denial of Service and the SNYK-PYTHON-CAIROSVG-1056423 vulnerability advisories.

A signed-in user without admin access rights could exploit the vulnerability if they have at least the following permission:

  • modify blob-uploads

To exploit the vulnerability, the user would need to manually upload a maliciously crafted .svg file to the platform.
Parsing the .svg file content with cairosvg would take quadratic time, which is computationally expensive.

This may result in a denial of service (CPU consumption): the currently active platform view may freeze.
To restore the view, the user would need to refresh the browser tab.

Mitigation

CairoSVG 2.5.1 addresses the vulnerability.

Affected versions

2.9.1 and earlier.

Notes

For more information, see

images/s/-u524h5/8501/61630d2d4f75946459caa0b3dbdac9bd6d7a7de4/_/images/icons/emoticons/information.svg    This section is not visible to users accessing the public docs, it's for internal reference   images/s/-u524h5/8501/61630d2d4f75946459caa0b3dbdac9bd6d7a7de4/_/images/icons/emoticons/information.svg

See also:

< Back to all security issues and mitigation actions

In release notes 2.9.1

In release notes 2.9.2

In release notes 2.10.0