Vulmon
librsvg vulnerabilities and exploits
445
VMScore
CVE-2015-7557
The _rsvg_node_poly_build_path function in rsvg-shapes.c in librsvg prior to 2.40.7 allows context-dependent malicious users to cause a denial of service (out-of-bounds heap read) via an odd number of elements in a coordinate pair in an SVG document.
Gnome Librsvg
607
VMScore
CVE-2011-3146
librsvg prior to 2.34.1 uses the node name to identify the type of node, which allows context-dependent malicious users to cause a denial of service (NULL pointer dereference) and possibly execute arbitrary code via an SVG file with a node with the element name starting with "...
Gnome Librsvg
605
VMScore
CVE-2017-11464
A SIGFPE is raised in the function box_blur_line of rsvg-filter.c in GNOME librsvg 2.40.17 during an attempted parse of a crafted SVG file, because of incorrect protection against division by zero.
Gnome Librsvg 2.40.17
383
VMScore
CVE-2018-1000041
GNOME librsvg version before commit c6ddf2ed4d768fd88adbea2b63f575cd523022ea contains an improper input validation vulnerability in rsvg-io.c that can result in the victim's Windows username and NTLM password hash being leaked to remote attackers through SMB. This attack appe...
Gnome Librsvg
Debian Debian Linux 7.0
445
VMScore
CVE-2015-7558
librsvg prior to 2.40.12 allows context-dependent malicious users to cause a denial of service (infinite loop, stack consumption, and application crash) via cyclic references in an SVG document.
Debian Debian Linux 8.0
Gnome Librsvg
445
VMScore
CVE-2016-4348
The _rsvg_css_normalize_font_size function in librsvg 2.40.2 allows context-dependent malicious users to cause a denial of service (stack consumption and application crash) via circular definitions in an SVG document.
Gnome Librsvg
Debian Debian Linux 8.0
Opensuse Opensuse 13.2
Opensuse Leap 42.1
NA
CVE-2023-38633
A directory traversal problem in the URL decoder of librsvg prior to 2.56.3 could be used by local or remote malicious users to disclose files (on the local filesystem outside of the expected area), as demonstrated by href=".?../../../../../../../../../../etc/passwd" in...
Gnome Librsvg
Fedoraproject Fedora 37
Fedoraproject Fedora 38
Debian Debian Linux 11.0
Debian Debian Linux 12.0
383
VMScore
CVE-2019-20446
In xml.rs in GNOME librsvg prior to 2.46.2, a crafted SVG file with nested patterns can cause denial of service when passed to the library for processing. The attacker constructs pattern elements so that the number of final rendered objects grows exponentially.
Gnome Librsvg
Opensuse Leap 15.1
Fedoraproject Fedora 30
Fedoraproject Fedora 31
Debian Debian Linux 9.0
Canonical Ubuntu Linux 16.04
Canonical Ubuntu Linux 18.04
Netapp Active Iq Unified Manager -