Fedora 43: lunasvg Critical Update for Various Flaws 2025-58c0baba42
fedora
December 10, 2025
Unbundle plutovg from lunasvg, this avoids shipping a duplicate library with conflicting files
Summary
LunaSVG is a standalone SVG rendering library in C++.
Update Information:
Unbundle plutovg from lunasvg, this avoids shipping a duplicate library with conflicting files. Update lunasvg to consume the plutovg version already available in the repositories and to fix various CVEs. Rebuild imhex for the updated lunasvg.
Topics Covered
Change Log
* Mon Dec 1 2025 Simone Caronni
References
[ 1 ] Bug #2295891 - lunasvg-3.5.0 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2295891
[ 2 ] Bug #2341675 - CVE-2024-57719 CVE-2024-57720 CVE-2024-57721 CVE-2024-57722 CVE-2024-57723 CVE-2024-57724 lunasvg: various flaws [epel-9]
https://bugzilla.redhat.com/show_bug.cgi?id=2341675
[ 3 ] Bug #2343567 - CVE-2024-55456 lunasvg: From CVEorg collector [epel-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2343567
[ 4 ] Bug #2400407 - file conflict between plutovg-devel and lunasvg-devel
https://bugzilla.redhat.com/show_bug.cgi?id=2400407
Update Instructions
This update can be installed with the "dnf" update program. Use su -c 'dnf upgrade --advisory FEDORA-2025-58c0baba42' at the command line. For more information, refer to the dnf documentation available at http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label
PREVIOUS
NEXT
Severity
critical
Lowest
Low
Medium
High
Critical
Name: lunasvg
Product: Fedora 43
Version: 3.5.0
Release: 1.fc43
Summary: Standalone SVG rendering library in C++
Topics Covered
Get the latest News and Insights
Get the latest Linux and open source security news straight to your inbox.
Powered By
Linux Security - Your source for Top Linux News, Advisories, HOWTOs and Feature Releases
QUICK LINKS
subscribe to newsletters!
Like staying secure? So do we.
Sign up for updates, tips, and alerts!