| Package | librsvg |
|---|---|
| Version | 2.40.5-1+deb8u3 |
| Related CVEs | CVE-2016-6163 CVE-2019-20446 |
Several issues have been fixed in librsvg, a library for rendering SVG files. This update corrects some denial of service via infinite loop or exponential element processing when parsing specially crafted files, as well as some memory safety issues.
For Debian 8 jessie, these problems have been fixed in version 2.40.5-1+deb8u3.
We recommend that you upgrade your librsvg packages.
Further information about Extended LTS security advisories can be found in the dedicated section of our website.