{"affected":[{"ecosystem_specific":{"binaries":[{"gdk-pixbuf-loader-rsvg":"2.52.12-150400.3.9.1","librsvg-2-2":"2.52.12-150400.3.9.1"}]},"package":{"ecosystem":"SUSE:Linux Enterprise Micro 5.3","name":"librsvg","purl":"pkg:rpm/suse/librsvg&distro=SUSE%20Linux%20Enterprise%20Micro%205.3"},"ranges":[{"events":[{"introduced":"0"},{"fixed":"2.52.12-150400.3.9.1"}],"type":"ECOSYSTEM"}]},{"ecosystem_specific":{"binaries":[{"gdk-pixbuf-loader-rsvg":"2.52.12-150400.3.9.1","librsvg-2-2":"2.52.12-150400.3.9.1"}]},"package":{"ecosystem":"SUSE:Linux Enterprise Micro 5.4","name":"librsvg","purl":"pkg:rpm/suse/librsvg&distro=SUSE%20Linux%20Enterprise%20Micro%205.4"},"ranges":[{"events":[{"introduced":"0"},{"fixed":"2.52.12-150400.3.9.1"}],"type":"ECOSYSTEM"}]},{"ecosystem_specific":{"binaries":[{"gdk-pixbuf-loader-rsvg":"2.52.12-150400.3.9.1","librsvg-2-2":"2.52.12-150400.3.9.1"}]},"package":{"ecosystem":"SUSE:Linux Enterprise Micro 5.5","name":"librsvg","purl":"pkg:rpm/suse/librsvg&distro=SUSE%20Linux%20Enterprise%20Micro%205.5"},"ranges":[{"events":[{"introduced":"0"},{"fixed":"2.52.12-150400.3.9.1"}],"type":"ECOSYSTEM"}]}],"aliases":[],"details":"This update for librsvg fixes the following issues:\n\nUpdate to version 2.52.12.\n  \n- CVE-2024-12224: idna: incorrect hostname comparisons and URL parsing may be performed due to acceptance of Punycode\n  labels that do not produce any non-ASCII output when decoded (bsc#1243867).\n- CVE-2024-43806: rustix: unbounded memory explosion leading to an application OOM crash when using the `rustix::fs::Dir`\n  iterator with the `linux_raw` backend (bsc#1229950).\n","id":"SUSE-SU-2025:4411-1","modified":"2025-12-16T11:35:35Z","published":"2025-12-16T11:35:35Z","references":[{"type":"ADVISORY","url":"https://www.suse.com/support/update/announcement/2025/suse-su-20254411-1/"},{"type":"REPORT","url":"https://bugzilla.suse.com/1229950"},{"type":"REPORT","url":"https://bugzilla.suse.com/1243867"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2024-12224"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2024-43806"}],"related":["CVE-2024-12224","CVE-2024-43806"],"summary":"Security update for librsvg","upstream":["CVE-2024-12224","CVE-2024-43806"]}