In xml.rs in GNOME librsvg prior to 2.46.2, a crafted SVG file with nested patterns can cause denial of service when passed to the library for processing. The attacker constructs pattern elements so that the number of final rendered objects grows exponentially.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
gnome librsvg |
||
opensuse leap 15.1 |
||
fedoraproject fedora 30 |
||
fedoraproject fedora 31 |
||
debian debian linux 9.0 |
||
canonical ubuntu linux 16.04 |
||
canonical ubuntu linux 18.04 |
||
netapp active iq unified manager - |