Brian May

**Name of the Vulnerable Software and Affected Versions** librsvg version 2.40.2 **Description** The issue allows context-dependent attackers to cause a denial of service, resulting in stack consumption and application crash, via circular definitions in an SVG document. This occurs due to the ` rsvg css normalize font size` function. **Recommendations** For librsvg version 2.40.2, consider updating to a newer version that addresses this issue, as the current version allows for a denial of service attack through specifically crafted SVG documents. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** pstotext versions prior to 1.9 **Description** The issue allows user-assisted attackers to execute arbitrary commands via shell metacharacters in a file name. **Recommendations** For versions prior to 1.9, update to version 1.9 or later to resolve the issue. As a temporary workaround, consider avoiding the use of shell metacharacters in file names to minimize the risk of exploitation.