Resource exhaustion in GNOME librsvg

CVE-2019-20446

In xml.rs in GNOME librsvg before 2.46.2, a crafted SVG file with nested patterns can cause denial of service when passed to the library for processing. The attacker constructs pattern elements so that the number of final rendered objects…

Vulnerability class: DoS (Denial of Service)

EPSS: 0.021 (79.6th percentile).

CVSS v3 metric

CVSS v3 base score 6.5 (Medium). Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H.

Frequently asked questions

What is CVE-2019-20446?
CVE-2019-20446 is a medium-severity vulnerability in GNOME librsvg, classified under Uncontrolled Resource Consumption. CVSS score: 6.5/10. Published 2020-02-02.

How severe is CVE-2019-20446?
Medium severity. The CVSS v3 base score is 6.5 out of 10.

Is CVE-2019-20446 known to be exploited?
1 public proof-of-concept repository is indexed. It is not currently listed in the CISA KEV catalog.