Gnome Librsvg
10 CVEs affecting Gnome Librsvg. Latest disclosed: 2023-07-22. Critical: 0, High: 5.
| CVE | Severity | Score | Published | Summary |
|---|---|---|---|---|
| CVE-2018-1000041 | High | 8.8 | 2018-02-09 | GNOME librsvg version before commit c6ddf2ed4d768fd88adbea2b63f575cd523022ea contains a Improper input validation vulnerability in rsvg-io.c that can result in… |
| CVE-2017-11464 | High | 7.8 | 2017-07-19 | A SIGFPE is raised in the function box_blur_line of rsvg-filter.c in GNOME librsvg 2.40.17 during an attempted parse of a crafted SVG file, because of incorrec… |
| CVE-2016-4348 | High | 7.5 | 2016-05-20 | The _rsvg_css_normalize_font_size function in librsvg 2.40.2 allows context-dependent attackers to cause a denial of service (stack consumption and application… |
| CVE-2015-7558 | High | 7.5 | 2016-05-20 | librsvg before 2.40.12 allows context-dependent attackers to cause a denial of service (infinite loop, stack consumption, and application crash) via cyclic ref… |
| CVE-2015-7557 | High | 7.5 | 2016-05-20 | The _rsvg_node_poly_build_path function in rsvg-shapes.c in librsvg before 2.40.7 allows context-dependent attackers to cause a denial of service (out-of-bound… |
| CVE-2019-20446 | Medium | 6.5 | 2020-02-02 | In xml.rs in GNOME librsvg before 2.46.2, a crafted SVG file with nested patterns can cause denial of service when passed to the library for processing. The at… |
| CVE-2023-38633 | Medium | 5.5 | 2023-07-22 | A directory traversal problem in the URL decoder of librsvg before 2.56.3 could be used by local or remote attackers to disclose files (on the local filesystem… |
| CVE-2016-6163 | Medium | 5.5 | 2017-02-03 | The rsvg_pattern_fix_fallback function in rsvg-paint_server.c in librsvg2 2.40.2 allows remote attackers to cause a denial of service (out-of-bounds read) via… |
| CVE-2013-1881 | | | 2013-10-10 | GNOME libsvg before 2.39.0 allows remote attackers to read arbitrary files via an XML document containing an external entity declaration in conjunction with an… |
| CVE-2011-3146 | | | 2012-09-05 | librsvg before 2.34.1 uses the node name to identify the type of node, which allows context-dependent attackers to cause a denial of service (NULL pointer dere… |