Published: 20/05/2016 Updated: 23/08/2016

CVSS v2 Base Score: 5 | Impact Score: 2.9 | Exploitability Score: 10

CVSS v3 Base Score: 7.5 | Impact Score: 3.6 | Exploitability Score: 3.9

VMScore: 445

Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P

librsvg prior to 2.40.12 allows context-dependent malicious users to cause a denial of service (infinite loop, stack consumption, and application crash) via cyclic references in an SVG document.

Vulnerable Product	Search on Vulmon	Subscribe to Product
debian debian linux 8.0
gnome librsvg

Gustavo Grieco discovered several flaws in the way librsvg, a SAX-based renderer library for SVG files, parses SVG files with circular definitions A remote attacker can take advantage of these flaws to cause an application using the librsvg library to crash For the stable distribution (jessie), these problems have been fixed in version 2405-1+d ...

librsvg before 24012 allows context-dependent attackers to cause a denial of service (infinite loop, stack consumption, and application crash) via cyclic references in an SVG document ...

CWE-20 http://www.openwall.com/lists/oss-security/2015/12/21/5 https://bugzilla.redhat.com/show_bug.cgi?id=1268243 https://git.gnome.org/browse/librsvg/commit/?id=a51919f7e1ca9c535390a746fbf6e28c8402dc61 http://www.openwall.com/lists/oss-security/2016/04/30/3 http://www.debian.org/security/2016/dsa-3584 https://nvd.nist.gov https://www.debian.org/security/./dsa-3584

Get Started

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Twitter Reddit Linkedin Facebook

CVE-2015-7558

Vulnerability Summary

Vendor Advisories

References

Vulmon Search

About

Products

Connect