ID: FEDORA_2017-BCF1BC0775.NASL
Type: nessus
Reporter: This script is Copyright (C) 2017-2021 and is owned by Tenable, Inc. or an Affiliate thereof.
Modified: 2021-01-06T00:00:00
Description
MinGW cross compiled librsvg 2.40.18 release, fixing CVE-2017-11464 (division-by-zero in the Gaussian blur code).
Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website.
Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
#%NASL_MIN_LEVEL 70300
#
# (C) Tenable Network Security, Inc.
#
# The descriptive text and package checks in this plugin were
# extracted from Fedora Security Advisory FEDORA-2017-bcf1bc0775.
#
include('deprecated_nasl_level.inc');
include('compat.inc');
# Metadata block: when `description` is true the script only declares the
# plugin's identity, references, scoring and prerequisites, then exits via
# exit(0) at the end of the block, so none of the host checks further down run.
if (description)
{
script_id(102048);
script_version("3.5");
script_set_attribute(attribute:"plugin_modification_date", value:"2021/01/06");
# Cross-references: the CVE and the Fedora update id this check is tied to.
script_cve_id("CVE-2017-11464");
script_xref(name:"FEDORA", value:"2017-bcf1bc0775");
script_name(english:"Fedora 25 : mingw-librsvg2 (2017-bcf1bc0775)");
script_summary(english:"Checks rpm output for the updated package.");
script_set_attribute(
attribute:"synopsis",
value:"The remote Fedora host is missing a security update."
);
# Description text is copied from the Fedora advisory; the fixed upstream
# release it names is librsvg 2.40.18.
script_set_attribute(
attribute:"description",
value:
"MinGW cross compiled librsvg 2.40.18 release, fixing CVE-2017-11464
(division-by-zero in the Gaussian blur code).
Note that Tenable Network Security has extracted the preceding
description block directly from the Fedora update system website.
Tenable has attempted to automatically clean and format it as much as
possible without introducing additional issues."
);
script_set_attribute(
attribute:"see_also",
value:"https://bodhi.fedoraproject.org/updates/FEDORA-2017-bcf1bc0775"
);
script_set_attribute(
attribute:"solution",
value:"Update the affected mingw-librsvg2 package."
);
# The two vectors differ on attack vector: the CVSS2 vector says network
# (AV:N), the CVSS3 vector says local with user interaction (AV:L, UI:R).
# Anyone triaging on this plugin should know which of the two their
# severity rating is derived from.
script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P");
script_set_cvss3_base_vector("CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H");
# plugin_type "local": the verdict is based on data collected from the host
# (see the required KB keys below), not on probing a network service.
script_set_attribute(attribute:"plugin_type", value:"local");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fedoraproject:fedora:mingw-librsvg2");
script_set_attribute(attribute:"cpe", value:"cpe:/o:fedoraproject:fedora:25");
script_set_attribute(attribute:"vuln_publication_date", value:"2017/07/19");
script_set_attribute(attribute:"patch_publication_date", value:"2017/07/28");
script_set_attribute(attribute:"plugin_publication_date", value:"2017/07/31");
script_set_attribute(attribute:"generated_plugin", value:"current");
script_end_attributes();
# ACT_GATHER_INFO: declared as an information-gathering check.
script_category(ACT_GATHER_INFO);
script_copyright(english:"This script is Copyright (C) 2017-2021 and is owned by Tenable, Inc. or an Affiliate thereof.");
script_family(english:"Fedora Local Security Checks");
# Prerequisites: depends on ssh_get_info.nasl and on the three KB keys that
# the host checks below read (local-checks flag, release string, RPM list).
script_dependencies("ssh_get_info.nasl");
script_require_keys("Host/local_checks_enabled", "Host/RedHat/release", "Host/RedHat/rpm-list");
exit(0);
}
include("audit.inc");
include("global_settings.inc");
include("rpm.inc");
# Host check: confirm the target is a Fedora 25 host with a collected RPM
# list, then compare the installed package against the fixed build.
# audit() comes from audit.inc (not shown); the code relies on it ending the
# script, so every audit() call below acts as an early exit.
if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
release = get_kb_item("Host/RedHat/release");
# `>!<` is NASL's "is not a substring of" operator: stop unless the release
# string mentions Fedora.
if (isnull(release) || "Fedora" >!< release) audit(AUDIT_OS_NOT, "Fedora");
# Pull the numeric release out of the release string; os_ver[1] is the
# first capture group.
os_ver = pregmatch(pattern: "Fedora.*release ([0-9]+)", string:release);
if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "Fedora");
os_ver = os_ver[1];
# Only Fedora 25 is in scope for this advisory; "25" must be followed by a
# non-digit or end of string so that e.g. "250" does not match.
if (! preg(pattern:"^25([^0-9]|$)", string:os_ver)) audit(AUDIT_OS_NOT, "Fedora 25", "Fedora " + os_ver);
# Without the collected RPM list there is nothing to compare against.
if (!get_kb_item("Host/RedHat/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
cpu = get_kb_item("Host/cpu");
if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
# Only x86_64 and i386..i686 hosts are evaluated; any other architecture is
# reported as "local checks not implemented" rather than as not affected.
if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Fedora", cpu);
flag = 0;
# rpm_check() is defined in rpm.inc (not shown); presumably it returns true
# when the installed package is older than the reference build.
# NOTE(review): the reference uses the advisory's package name
# "mingw-librsvg2". Fedora MinGW builds are usually installed as
# mingw32-*/mingw64-* binary RPMs; confirm this reference can match an
# installed package name. If it cannot, an unpatched host would fall through
# to the "not installed" audit below instead of being reported.
if (rpm_check(release:"FC25", reference:"mingw-librsvg2-2.40.18-1.fc25")) flag++;
if (flag)
{
# Report on port 0 at warning severity, attaching the package comparison
# text produced by rpm_report_get() (rpm.inc).
security_report_v4(
port : 0,
severity : SECURITY_WARNING,
extra : rpm_report_get()
);
exit(0);
}
else
{
# pkg_tests_get() presumably lists the packages that were actually compared:
# non-empty means the package was found and is not affected, empty means no
# package with this name was found on the host.
tested = pkg_tests_get();
if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
else audit(AUDIT_PACKAGE_NOT_INSTALLED, "mingw-librsvg2");
}
{"id": "FEDORA_2017-BCF1BC0775.NASL", "type": "nessus", "bulletinFamily": "scanner", "title": "Fedora 25 : mingw-librsvg2 (2017-bcf1bc0775)", "description": "MinGW cross compiled librsvg 2.40.18 release, fixing CVE-2017-11464 (division-by-zero in the Gaussian blur code).\n\nNote that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website.\nTenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "published": "2017-07-31T00:00:00", "modified": "2021-01-06T00:00:00", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}, "cvss2": {}, "cvss3": {"score": 7.8, "vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"}, "href": "https://www.tenable.com/plugins/nessus/102048", "reporter": "This script is Copyright (C) 2017-2021 and is owned by Tenable, Inc. or an Affiliate thereof.", "references": ["http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-11464", "https://bodhi.fedoraproject.org/updates/FEDORA-2017-bcf1bc0775"], "cvelist": ["CVE-2017-11464"], "immutableFields": [], "lastseen": "2021-08-19T12:35:59", "viewCount": 5, "enchantments": {"dependencies": {"references": [{"type": "cloudfoundry", "idList": ["CFOUNDRY:8056D7E25CF4EAEC43FF63CB4179B665", "CFOUNDRY:A705642DDDE9A3B76484AF568F527C6D"]}, {"type": "cve", "idList": ["CVE-2017-11464"]}, {"type": "debian", "idList": ["DEBIAN:DLA-2285-1:1B321", "DEBIAN:DLA-2285-1:9BF97"]}, {"type": "debiancve", "idList": ["DEBIANCVE:CVE-2017-11464"]}, {"type": "fedora", "idList": ["FEDORA:80B87614CE3F", "FEDORA:B5DCF60567EA", "FEDORA:B7B22604E20C", "FEDORA:B92BB64201DD", "FEDORA:DD3166030B34", "FEDORA:E81AE64F7964"]}, {"type": "nessus", "idList": ["DEBIAN_DLA-2285.NASL", "EULEROS_SA-2021-1205.NASL", "FEDORA_2017-0B8C45EBF7.NASL", "FEDORA_2017-941058C1F1.NASL", "FEDORA_2017-CF1A42722D.NASL", "FEDORA_2017-CF36278519.NASL", "FEDORA_2017-EE04231942.NASL", "OPENSUSE-2017-915.NASL", 
"SUSE_SU-2017-2117-1.NASL", "UBUNTU_USN-4436-1.NASL", "UBUNTU_USN-4436-2.NASL"]}, {"type": "openvas", "idList": ["OPENVAS:1361412562310872905", "OPENVAS:1361412562310872907", "OPENVAS:1361412562310873081", "OPENVAS:1361412562310873191", "OPENVAS:1361412562310873192", "OPENVAS:1361412562310873194"]}, {"type": "redhatcve", "idList": ["RH:CVE-2017-11464"]}, {"type": "ubuntu", "idList": ["USN-4436-1", "USN-4436-2"]}, {"type": "ubuntucve", "idList": ["UB:CVE-2017-11464"]}], "rev": 4}, "score": {"value": 6.1, "vector": "NONE"}, "backreferences": {"references": [{"type": "cloudfoundry", "idList": ["CFOUNDRY:8056D7E25CF4EAEC43FF63CB4179B665", "CFOUNDRY:A705642DDDE9A3B76484AF568F527C6D"]}, {"type": "cve", "idList": ["CVE-2017-11464"]}, {"type": "debian", "idList": ["DEBIAN:DLA-2285-1:9BF97"]}, {"type": "debiancve", "idList": ["DEBIANCVE:CVE-2017-11464"]}, {"type": "fedora", "idList": ["FEDORA:80B87614CE3F", "FEDORA:B5DCF60567EA", "FEDORA:B7B22604E20C", "FEDORA:B92BB64201DD", "FEDORA:DD3166030B34", "FEDORA:E81AE64F7964"]}, {"type": "nessus", "idList": ["DEBIAN_DLA-2285.NASL", "FEDORA_2017-0B8C45EBF7.NASL", "FEDORA_2017-941058C1F1.NASL", "FEDORA_2017-CF1A42722D.NASL", "FEDORA_2017-CF36278519.NASL", "FEDORA_2017-EE04231942.NASL", "OPENSUSE-2017-915.NASL", "SUSE_SU-2017-2117-1.NASL"]}, {"type": "openvas", "idList": ["OPENVAS:1361412562310872905", "OPENVAS:1361412562310872907", "OPENVAS:1361412562310873081", "OPENVAS:1361412562310873191", "OPENVAS:1361412562310873192", "OPENVAS:1361412562310873194"]}, {"type": "redhatcve", "idList": ["RH:CVE-2017-11464"]}, {"type": "ubuntu", "idList": ["USN-4436-1"]}, {"type": "ubuntucve", "idList": ["UB:CVE-2017-11464"]}]}, "exploitation": null, "vulnersScore": 6.1}, "pluginID": "102048", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Fedora Security Advisory 
FEDORA-2017-bcf1bc0775.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(102048);\n script_version(\"3.5\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/06\");\n\n script_cve_id(\"CVE-2017-11464\");\n script_xref(name:\"FEDORA\", value:\"2017-bcf1bc0775\");\n\n script_name(english:\"Fedora 25 : mingw-librsvg2 (2017-bcf1bc0775)\");\n script_summary(english:\"Checks rpm output for the updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Fedora host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"MinGW cross compiled librsvg 2.40.18 release, fixing CVE-2017-11464\n(division-by-zero in the Gaussian blur code).\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora update system website.\nTenable has attempted to automatically clean and format it as much as\npossible without introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bodhi.fedoraproject.org/updates/FEDORA-2017-bcf1bc0775\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected mingw-librsvg2 package.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:mingw-librsvg2\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:fedoraproject:fedora:25\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2017/07/19\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2017/07/28\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2017/07/31\");\n 
script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2017-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Fedora Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Fedora\" >!< release) audit(AUDIT_OS_NOT, \"Fedora\");\nos_ver = pregmatch(pattern: \"Fedora.*release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Fedora\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^25([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Fedora 25\", \"Fedora \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Fedora\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"FC25\", reference:\"mingw-librsvg2-2.40.18-1.fc25\")) flag++;\n\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"mingw-librsvg2\");\n}\n", "naslFamily": "Fedora Local Security Checks", "cpe": ["p-cpe:/a:fedoraproject:fedora:mingw-librsvg2", "cpe:/o:fedoraproject:fedora:25"], "solution": "Update the affected mingw-librsvg2 package.", "nessusSeverity": "Medium", "cvssScoreSource": "", "vpr": 
{"risk factor": "Medium", "score": "5.9"}, "exploitAvailable": false, "exploitEase": "", "patchPublicationDate": "2017-07-28T00:00:00", "vulnerabilityPublicationDate": "2017-07-19T00:00:00", "exploitableWith": [], "_state": {"dependencies": 1647589307, "score": 0}}
{"fedora": [{"lastseen": "2020-12-21T08:17:54", "description": "An SVG library based on cairo. ", "edition": 2, "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 7.8, "privilegesRequired": "NONE", "vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "userInteraction": "REQUIRED", "version": "3.0"}, "impactScore": 5.9}, "published": "2017-07-25T00:30:14", "type": "fedora", "title": "[SECURITY] Fedora 25 Update: librsvg2-2.40.18-1.fc25", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-11464"], "modified": "2017-07-25T00:30:14", "id": "FEDORA:B5DCF60567EA", "href": "", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2020-12-21T08:17:54", "description": "An SVG library based on cairo for MinGW. 
", "edition": 2, "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 7.8, "privilegesRequired": "NONE", "vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "userInteraction": "REQUIRED", "version": "3.0"}, "impactScore": 5.9}, "published": "2017-07-28T17:22:45", "type": "fedora", "title": "[SECURITY] Fedora 26 Update: mingw-librsvg2-2.40.18-1.fc26", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-11464"], "modified": "2017-07-28T17:22:45", "id": "FEDORA:E81AE64F7964", "href": "", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2020-12-21T08:17:54", "description": "An SVG library based on cairo for MinGW. 
", "edition": 2, "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 7.8, "privilegesRequired": "NONE", "vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "userInteraction": "REQUIRED", "version": "3.0"}, "impactScore": 5.9}, "published": "2017-07-28T20:51:01", "type": "fedora", "title": "[SECURITY] Fedora 25 Update: mingw-librsvg2-2.40.18-1.fc25", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-11464"], "modified": "2017-07-28T20:51:01", "id": "FEDORA:80B87614CE3F", "href": "", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2020-12-21T08:17:54", "description": "An SVG library based on cairo for MinGW. 
", "edition": 2, "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 7.8, "privilegesRequired": "NONE", "vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "userInteraction": "REQUIRED", "version": "3.0"}, "impactScore": 5.9}, "published": "2017-07-28T19:50:46", "type": "fedora", "title": "[SECURITY] Fedora 24 Update: mingw-librsvg2-2.40.18-1.fc24", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-11464"], "modified": "2017-07-28T19:50:46", "id": "FEDORA:B92BB64201DD", "href": "", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2020-12-21T08:17:54", "description": "An SVG library based on cairo. 
", "edition": 2, "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 7.8, "privilegesRequired": "NONE", "vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "userInteraction": "REQUIRED", "version": "3.0"}, "impactScore": 5.9}, "published": "2017-07-24T22:50:34", "type": "fedora", "title": "[SECURITY] Fedora 24 Update: librsvg2-2.40.18-1.fc24", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-11464"], "modified": "2017-07-24T22:50:34", "id": "FEDORA:DD3166030B34", "href": "", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2020-12-21T08:17:54", "description": "An SVG library based on cairo. 
", "edition": 2, "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 7.8, "privilegesRequired": "NONE", "vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "userInteraction": "REQUIRED", "version": "3.0"}, "impactScore": 5.9}, "published": "2017-07-24T19:25:41", "type": "fedora", "title": "[SECURITY] Fedora 26 Update: librsvg2-2.40.18-1.fc26", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-11464"], "modified": "2017-07-24T19:25:41", "id": "FEDORA:B7B22604E20C", "href": "", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}], "openvas": [{"lastseen": "2019-05-29T18:33:52", "description": "The remote host is missing an update for the ", "cvss3": {}, "published": "2017-08-04T00:00:00", "type": "openvas", "title": "Fedora Update for mingw-librsvg2 FEDORA-2017-bcf1bc0775", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2017-11464"], "modified": "2019-03-15T00:00:00", "id": "OPENVAS:1361412562310873194", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310873194", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_fedora_2017_bcf1bc0775_mingw-librsvg2_fc25.nasl 14223 2019-03-15 13:49:35Z cfischer $\n#\n# Fedora Update for mingw-librsvg2 FEDORA-2017-bcf1bc0775\n#\n# 
Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2017 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.873194\");\n script_version(\"$Revision: 14223 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-15 14:49:35 +0100 (Fri, 15 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2017-08-04 12:46:29 +0530 (Fri, 04 Aug 2017)\");\n script_cve_id(\"CVE-2017-11464\");\n script_tag(name:\"cvss_base\", value:\"6.8\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_name(\"Fedora Update for mingw-librsvg2 FEDORA-2017-bcf1bc0775\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'mingw-librsvg2'\n package(s) announced via the referenced advisory.\");\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n script_tag(name:\"affected\", value:\"mingw-librsvg2 on Fedora 25\");\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n script_xref(name:\"FEDORA\", value:\"2017-bcf1bc0775\");\n script_xref(name:\"URL\", 
value:\"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/IQO4PANQFWATUK6WSCWT7DGUDYVVHYR5\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2017 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\", re:\"ssh/login/release=FC25\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"FC25\")\n{\n\n if ((res = isrpmvuln(pkg:\"mingw32-librsvg2\", rpm:\"mingw32-librsvg2~2.40.18~1.fc25\", rls:\"FC25\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2019-05-29T18:34:30", "description": "The remote host is missing an update for the ", "cvss3": {}, "published": "2017-07-25T00:00:00", "type": "openvas", "title": "Fedora Update for librsvg2 FEDORA-2017-941058c1f1", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2017-11464"], "modified": "2019-03-15T00:00:00", "id": "OPENVAS:1361412562310872907", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310872907", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_fedora_2017_941058c1f1_librsvg2_fc24.nasl 14223 2019-03-15 13:49:35Z cfischer $\n#\n# Fedora Update for librsvg2 FEDORA-2017-941058c1f1\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2017 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as 
published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.872907\");\n script_version(\"$Revision: 14223 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-15 14:49:35 +0100 (Fri, 15 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2017-07-25 07:39:57 +0200 (Tue, 25 Jul 2017)\");\n script_cve_id(\"CVE-2017-11464\");\n script_tag(name:\"cvss_base\", value:\"6.8\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_name(\"Fedora Update for librsvg2 FEDORA-2017-941058c1f1\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'librsvg2'\n package(s) announced via the referenced advisory.\");\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n script_tag(name:\"affected\", value:\"librsvg2 on Fedora 24\");\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n script_xref(name:\"FEDORA\", value:\"2017-941058c1f1\");\n script_xref(name:\"URL\", value:\"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/JURCP7F3GRSZ3DEM2CUYB52NIUMEN75T\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2017 Greenbone Networks GmbH\");\n 
script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\", re:\"ssh/login/release=FC24\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"FC24\")\n{\n\n if ((res = isrpmvuln(pkg:\"librsvg2\", rpm:\"librsvg2~2.40.18~1.fc24\", rls:\"FC24\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2019-05-29T18:34:09", "description": "The remote host is missing an update for the ", "cvss3": {}, "published": "2017-08-04T00:00:00", "type": "openvas", "title": "Fedora Update for mingw-librsvg2 FEDORA-2017-0b8c45ebf7", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2017-11464"], "modified": "2019-03-15T00:00:00", "id": "OPENVAS:1361412562310873191", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310873191", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_fedora_2017_0b8c45ebf7_mingw-librsvg2_fc24.nasl 14223 2019-03-15 13:49:35Z cfischer $\n#\n# Fedora Update for mingw-librsvg2 FEDORA-2017-0b8c45ebf7\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2017 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 
See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.873191\");\n script_version(\"$Revision: 14223 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-15 14:49:35 +0100 (Fri, 15 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2017-08-04 12:46:49 +0530 (Fri, 04 Aug 2017)\");\n script_cve_id(\"CVE-2017-11464\");\n script_tag(name:\"cvss_base\", value:\"6.8\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_name(\"Fedora Update for mingw-librsvg2 FEDORA-2017-0b8c45ebf7\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'mingw-librsvg2'\n package(s) announced via the referenced advisory.\");\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n script_tag(name:\"affected\", value:\"mingw-librsvg2 on Fedora 24\");\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n script_xref(name:\"FEDORA\", value:\"2017-0b8c45ebf7\");\n script_xref(name:\"URL\", value:\"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/X7HFZ4WVHN54IYNXFCXMZ5BAFZI2NEGD\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2017 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\", re:\"ssh/login/release=FC24\");\n\n 
exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"FC24\")\n{\n\n if ((res = isrpmvuln(pkg:\"mingw32-librsvg2\", rpm:\"mingw32-librsvg2~2.40.18~1.fc24\", rls:\"FC24\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2019-05-29T18:34:06", "bulletinFamily": "scanner", "cvelist": ["CVE-2017-11464"], "description": "The remote host is missing an update for the ", "modified": "2019-03-15T00:00:00", "published": "2017-07-25T00:00:00", "id": "OPENVAS:1361412562310872905", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310872905", "type": "openvas", "title": "Fedora Update for librsvg2 FEDORA-2017-cf1a42722d", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_fedora_2017_cf1a42722d_librsvg2_fc25.nasl 14223 2019-03-15 13:49:35Z cfischer $\n#\n# Fedora Update for librsvg2 FEDORA-2017-cf1a42722d\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2017 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 
See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.872905\");\n script_version(\"$Revision: 14223 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-15 14:49:35 +0100 (Fri, 15 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2017-07-25 07:39:51 +0200 (Tue, 25 Jul 2017)\");\n script_cve_id(\"CVE-2017-11464\");\n script_tag(name:\"cvss_base\", value:\"6.8\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_name(\"Fedora Update for librsvg2 FEDORA-2017-cf1a42722d\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'librsvg2'\n package(s) announced via the referenced advisory.\");\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n script_tag(name:\"affected\", value:\"librsvg2 on Fedora 25\");\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n script_xref(name:\"FEDORA\", value:\"2017-cf1a42722d\");\n script_xref(name:\"URL\", value:\"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/42VVAL3H74DZDYM2KUXJZ7AGBW4COZ53\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2017 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\", re:\"ssh/login/release=FC25\");\n\n 
exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"FC25\")\n{\n\n if ((res = isrpmvuln(pkg:\"librsvg2\", rpm:\"librsvg2~2.40.18~1.fc25\", rls:\"FC25\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2019-05-29T18:34:26", "bulletinFamily": "scanner", "cvelist": ["CVE-2017-11464"], "description": "The remote host is missing an update for the ", "modified": "2019-03-15T00:00:00", "published": "2017-08-04T00:00:00", "id": "OPENVAS:1361412562310873192", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310873192", "type": "openvas", "title": "Fedora Update for mingw-librsvg2 FEDORA-2017-ee04231942", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_fedora_2017_ee04231942_mingw-librsvg2_fc26.nasl 14223 2019-03-15 13:49:35Z cfischer $\n#\n# Fedora Update for mingw-librsvg2 FEDORA-2017-ee04231942\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2017 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 
See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.873192\");\n script_version(\"$Revision: 14223 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-15 14:49:35 +0100 (Fri, 15 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2017-08-04 12:47:02 +0530 (Fri, 04 Aug 2017)\");\n script_cve_id(\"CVE-2017-11464\");\n script_tag(name:\"cvss_base\", value:\"6.8\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_name(\"Fedora Update for mingw-librsvg2 FEDORA-2017-ee04231942\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'mingw-librsvg2'\n package(s) announced via the referenced advisory.\");\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n script_tag(name:\"affected\", value:\"mingw-librsvg2 on Fedora 26\");\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n script_xref(name:\"FEDORA\", value:\"2017-ee04231942\");\n script_xref(name:\"URL\", value:\"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/3XGADRAB5GADK5LIKIZ3ZEU56LS3MM3D\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2017 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\", re:\"ssh/login/release=FC26\");\n\n 
exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"FC26\")\n{\n\n if ((res = isrpmvuln(pkg:\"mingw32-librsvg2\", rpm:\"mingw32-librsvg2~2.40.18~1.fc26\", rls:\"FC26\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2019-05-29T18:34:03", "description": "The remote host is missing an update for the ", "cvss3": {}, "published": "2017-08-04T00:00:00", "type": "openvas", "title": "Fedora Update for librsvg2 FEDORA-2017-cf36278519", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2017-11464"], "modified": "2019-03-15T00:00:00", "id": "OPENVAS:1361412562310873081", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310873081", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_fedora_2017_cf36278519_librsvg2_fc26.nasl 14223 2019-03-15 13:49:35Z cfischer $\n#\n# Fedora Update for librsvg2 FEDORA-2017-cf36278519\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2017 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 
See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.873081\");\n script_version(\"$Revision: 14223 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-15 14:49:35 +0100 (Fri, 15 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2017-08-04 12:46:44 +0530 (Fri, 04 Aug 2017)\");\n script_cve_id(\"CVE-2017-11464\");\n script_tag(name:\"cvss_base\", value:\"6.8\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_name(\"Fedora Update for librsvg2 FEDORA-2017-cf36278519\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'librsvg2'\n package(s) announced via the referenced advisory.\");\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n script_tag(name:\"affected\", value:\"librsvg2 on Fedora 26\");\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n script_xref(name:\"FEDORA\", value:\"2017-cf36278519\");\n script_xref(name:\"URL\", value:\"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/HCJYK3EMB77XGUI2Y3UG6ECQX7YUBE4P\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2017 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\", re:\"ssh/login/release=FC26\");\n\n 
exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"FC26\")\n{\n\n if ((res = isrpmvuln(pkg:\"librsvg2\", rpm:\"librsvg2~2.40.18~1.fc26\", rls:\"FC26\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}], "nessus": [{"lastseen": "2021-08-19T12:35:58", "description": "This update librsvg to version 2.40.18 fixes the following issues:\nSecurity issue fixed :\n\n - CVE-2017-11464: A SIGFPE is raised in the function box_blur_line of rsvg-filter.c. (bsc#1049607)\n\nNote that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {"score": 7.8, "vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"}, "published": "2017-08-10T00:00:00", "type": "nessus", "title": "SUSE SLED12 / SLES12 Security Update : librsvg (SUSE-SU-2017:2117-1)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2017-11464"], "modified": "2021-01-06T00:00:00", "cpe": ["p-cpe:/a:novell:suse_linux:gdk-pixbuf-loader-rsvg", "p-cpe:/a:novell:suse_linux:gdk-pixbuf-loader-rsvg-debuginfo", "p-cpe:/a:novell:suse_linux:librsvg-2", "p-cpe:/a:novell:suse_linux:librsvg-2-2", "p-cpe:/a:novell:suse_linux:librsvg-2-2-debuginfo", "p-cpe:/a:novell:suse_linux:librsvg-debugsource", "p-cpe:/a:novell:suse_linux:rsvg-view", "p-cpe:/a:novell:suse_linux:rsvg-view-debuginfo", "cpe:/o:novell:suse_linux:12"], "id": "SUSE_SU-2017-2117-1.NASL", "href": "https://www.tenable.com/plugins/nessus/102354", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from SUSE update advisory 
SUSE-SU-2017:2117-1.\n# The text itself is copyright (C) SUSE.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(102354);\n script_version(\"3.9\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/06\");\n\n script_cve_id(\"CVE-2017-11464\");\n\n script_name(english:\"SUSE SLED12 / SLES12 Security Update : librsvg (SUSE-SU-2017:2117-1)\");\n script_summary(english:\"Checks rpm output for the updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote SUSE host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"This update librsvg to version 2.40.18 fixes the following issues:\nSecurity issue fixed :\n\n - CVE-2017-11464: A SIGFPE is raised in the function\n box_blur_line of rsvg-filter.c. (bsc#1049607)\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the SUSE security advisory. 
Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1049607\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2017-11464/\"\n );\n # https://www.suse.com/support/update/announcement/2017/suse-su-20172117-1/\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?a79f580e\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"To install this SUSE Security Update use YaST online_update.\nAlternatively you can run the command listed for your product :\n\nSUSE Linux Enterprise Software Development Kit 12-SP3:zypper in -t\npatch SUSE-SLE-SDK-12-SP3-2017-1315=1\n\nSUSE Linux Enterprise Software Development Kit 12-SP2:zypper in -t\npatch SUSE-SLE-SDK-12-SP2-2017-1315=1\n\nSUSE Linux Enterprise Server for Raspberry Pi 12-SP2:zypper in -t\npatch SUSE-SLE-RPI-12-SP2-2017-1315=1\n\nSUSE Linux Enterprise Server 12-SP3:zypper in -t patch\nSUSE-SLE-SERVER-12-SP3-2017-1315=1\n\nSUSE Linux Enterprise Server 12-SP2:zypper in -t patch\nSUSE-SLE-SERVER-12-SP2-2017-1315=1\n\nSUSE Linux Enterprise Desktop 12-SP3:zypper in -t patch\nSUSE-SLE-DESKTOP-12-SP3-2017-1315=1\n\nSUSE Linux Enterprise Desktop 12-SP2:zypper in -t patch\nSUSE-SLE-DESKTOP-12-SP2-2017-1315=1\n\nTo bring your system up-to-date, use 'zypper patch'.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n 
script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:gdk-pixbuf-loader-rsvg\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:gdk-pixbuf-loader-rsvg-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:librsvg-2\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:librsvg-2-2\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:librsvg-2-2-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:librsvg-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:rsvg-view\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:rsvg-view-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:suse_linux:12\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2017/07/19\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2017/08/09\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2017/08/10\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2017-2021 and is owned by Tenable, Inc. 
or an Affiliate thereof.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release !~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"SUSE\");\nos_ver = pregmatch(pattern: \"^(SLE(S|D)\\d+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"SUSE\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^(SLED12|SLES12)$\", string:os_ver)) audit(AUDIT_OS_NOT, \"SUSE SLED12 / SLES12\", \"SUSE \" + os_ver);\n\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu !~ \"^i[3-6]86$\" && \"x86_64\" >!< cpu && \"s390x\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"SUSE \" + os_ver, cpu);\n\nsp = get_kb_item(\"Host/SuSE/patchlevel\");\nif (isnull(sp)) sp = \"0\";\nif (os_ver == \"SLES12\" && (! preg(pattern:\"^(2|3)$\", string:sp))) audit(AUDIT_OS_NOT, \"SLES12 SP2/3\", os_ver + \" SP\" + sp);\nif (os_ver == \"SLED12\" && (! 
preg(pattern:\"^(2|3)$\", string:sp))) audit(AUDIT_OS_NOT, \"SLED12 SP2/3\", os_ver + \" SP\" + sp);\n\n\nflag = 0;\nif (rpm_check(release:\"SLES12\", sp:\"3\", reference:\"gdk-pixbuf-loader-rsvg-2.40.18-5.3.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"3\", reference:\"gdk-pixbuf-loader-rsvg-debuginfo-2.40.18-5.3.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"3\", reference:\"librsvg-2-2-2.40.18-5.3.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"3\", reference:\"librsvg-2-2-debuginfo-2.40.18-5.3.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"3\", reference:\"librsvg-debugsource-2.40.18-5.3.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"3\", reference:\"rsvg-view-2.40.18-5.3.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"3\", reference:\"rsvg-view-debuginfo-2.40.18-5.3.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"3\", reference:\"librsvg-2-2-32bit-2.40.18-5.3.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"3\", reference:\"librsvg-2-2-debuginfo-32bit-2.40.18-5.3.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"2\", reference:\"gdk-pixbuf-loader-rsvg-2.40.18-5.3.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"2\", reference:\"gdk-pixbuf-loader-rsvg-debuginfo-2.40.18-5.3.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"2\", reference:\"librsvg-2-2-2.40.18-5.3.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"2\", reference:\"librsvg-2-2-debuginfo-2.40.18-5.3.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"2\", reference:\"librsvg-debugsource-2.40.18-5.3.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"2\", reference:\"rsvg-view-2.40.18-5.3.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"2\", reference:\"rsvg-view-debuginfo-2.40.18-5.3.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"2\", reference:\"librsvg-2-2-32bit-2.40.18-5.3.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"2\", reference:\"librsvg-2-2-debuginfo-32bit-2.40.18-5.3.1\")) flag++;\nif 
(rpm_check(release:\"SLED12\", sp:\"3\", cpu:\"x86_64\", reference:\"gdk-pixbuf-loader-rsvg-2.40.18-5.3.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"3\", cpu:\"x86_64\", reference:\"gdk-pixbuf-loader-rsvg-debuginfo-2.40.18-5.3.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"3\", cpu:\"x86_64\", reference:\"librsvg-2-2-2.40.18-5.3.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"3\", cpu:\"x86_64\", reference:\"librsvg-2-2-32bit-2.40.18-5.3.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"3\", cpu:\"x86_64\", reference:\"librsvg-2-2-debuginfo-2.40.18-5.3.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"3\", cpu:\"x86_64\", reference:\"librsvg-2-2-debuginfo-32bit-2.40.18-5.3.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"3\", cpu:\"x86_64\", reference:\"librsvg-debugsource-2.40.18-5.3.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"3\", cpu:\"x86_64\", reference:\"rsvg-view-2.40.18-5.3.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"3\", cpu:\"x86_64\", reference:\"rsvg-view-debuginfo-2.40.18-5.3.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"2\", cpu:\"x86_64\", reference:\"gdk-pixbuf-loader-rsvg-2.40.18-5.3.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"2\", cpu:\"x86_64\", reference:\"gdk-pixbuf-loader-rsvg-debuginfo-2.40.18-5.3.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"2\", cpu:\"x86_64\", reference:\"librsvg-2-2-2.40.18-5.3.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"2\", cpu:\"x86_64\", reference:\"librsvg-2-2-32bit-2.40.18-5.3.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"2\", cpu:\"x86_64\", reference:\"librsvg-2-2-debuginfo-2.40.18-5.3.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"2\", cpu:\"x86_64\", reference:\"librsvg-2-2-debuginfo-32bit-2.40.18-5.3.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"2\", cpu:\"x86_64\", reference:\"librsvg-debugsource-2.40.18-5.3.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"2\", cpu:\"x86_64\", 
reference:\"rsvg-view-2.40.18-5.3.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"2\", cpu:\"x86_64\", reference:\"rsvg-view-debuginfo-2.40.18-5.3.1\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"librsvg\");\n}\n", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2021-08-19T12:35:47", "description": "librsvg 2.40.18 release, fixing CVE-2017-11464 (division-by-zero in the Gaussian blur code). For details, see https://mail.gnome.org/archives/ftp-release-list/2017-July/msg00078.html\n\nNote that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website.\nTenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {"score": 7.8, "vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"}, "published": "2017-07-26T00:00:00", "type": "nessus", "title": "Fedora 26 : librsvg2 (2017-cf36278519)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2017-11464"], "modified": "2021-01-06T00:00:00", "cpe": ["p-cpe:/a:fedoraproject:fedora:librsvg2", "cpe:/o:fedoraproject:fedora:26"], "id": "FEDORA_2017-CF36278519.NASL", "href": "https://www.tenable.com/plugins/nessus/101964", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Fedora Security Advisory FEDORA-2017-cf36278519.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(101964);\n script_version(\"3.5\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/06\");\n\n script_cve_id(\"CVE-2017-11464\");\n script_xref(name:\"FEDORA\", 
value:\"2017-cf36278519\");\n\n script_name(english:\"Fedora 26 : librsvg2 (2017-cf36278519)\");\n script_summary(english:\"Checks rpm output for the updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Fedora host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"librsvg 2.40.18 release, fixing CVE-2017-11464 (division-by-zero in\nthe Gaussian blur code). For details, see\nhttps://mail.gnome.org/archives/ftp-release-list/2017-July/msg00078.ht\nml\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora update system website.\nTenable has attempted to automatically clean and format it as much as\npossible without introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bodhi.fedoraproject.org/updates/FEDORA-2017-cf36278519\"\n );\n # https://mail.gnome.org/archives/ftp-release-list/2017-July/msg00078.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?75083099\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected librsvg2 package.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:librsvg2\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:fedoraproject:fedora:26\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2017/07/19\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2017/07/24\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2017/07/26\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n 
script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2017-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Fedora Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Fedora\" >!< release) audit(AUDIT_OS_NOT, \"Fedora\");\nos_ver = pregmatch(pattern: \"Fedora.*release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Fedora\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^26([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Fedora 26\", \"Fedora \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Fedora\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"FC26\", reference:\"librsvg2-2.40.18-1.fc26\")) flag++;\n\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"librsvg2\");\n}\n", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2021-08-19T12:35:44", "description": "MinGW cross compiled librsvg 2.40.18 release, fixing CVE-2017-11464 (division-by-zero in the Gaussian blur code).\n\nNote that Tenable Network Security has extracted the preceding description block directly from the Fedora update system 
website.\nTenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {"score": 7.8, "vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"}, "published": "2017-07-31T00:00:00", "type": "nessus", "title": "Fedora 26 : mingw-librsvg2 (2017-ee04231942)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2017-11464"], "modified": "2021-01-06T00:00:00", "cpe": ["p-cpe:/a:fedoraproject:fedora:mingw-librsvg2", "cpe:/o:fedoraproject:fedora:26"], "id": "FEDORA_2017-EE04231942.NASL", "href": "https://www.tenable.com/plugins/nessus/102049", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Fedora Security Advisory FEDORA-2017-ee04231942.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(102049);\n script_version(\"3.5\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/06\");\n\n script_cve_id(\"CVE-2017-11464\");\n script_xref(name:\"FEDORA\", value:\"2017-ee04231942\");\n\n script_name(english:\"Fedora 26 : mingw-librsvg2 (2017-ee04231942)\");\n script_summary(english:\"Checks rpm output for the updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Fedora host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"MinGW cross compiled librsvg 2.40.18 release, fixing CVE-2017-11464\n(division-by-zero in the Gaussian blur code).\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora update system website.\nTenable has attempted to automatically clean and format it as much as\npossible without introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bodhi.fedoraproject.org/updates/FEDORA-2017-ee04231942\"\n );\n 
script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected mingw-librsvg2 package.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:mingw-librsvg2\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:fedoraproject:fedora:26\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2017/07/19\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2017/07/28\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2017/07/31\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2017-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Fedora Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Fedora\" >!< release) audit(AUDIT_OS_NOT, \"Fedora\");\nos_ver = pregmatch(pattern: \"Fedora.*release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Fedora\");\nos_ver = os_ver[1];\nif (! 
preg(pattern:\"^26([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Fedora 26\", \"Fedora \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Fedora\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"FC26\", reference:\"mingw-librsvg2-2.40.18-1.fc26\")) flag++;\n\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"mingw-librsvg2\");\n}\n", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2021-08-19T12:35:51", "description": "MinGW cross compiled librsvg 2.40.18 release, fixing CVE-2017-11464 (division-by-zero in the Gaussian blur code).\n\nNote that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website.\nTenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {"score": 7.8, "vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"}, "published": "2017-08-11T00:00:00", "type": "nessus", "title": "Fedora 24 : mingw-librsvg2 (2017-0b8c45ebf7)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2017-11464"], "modified": "2021-01-11T00:00:00", "cpe": ["p-cpe:/a:fedoraproject:fedora:mingw-librsvg2", "cpe:/o:fedoraproject:fedora:24"], "id": "FEDORA_2017-0B8C45EBF7.NASL", "href": "https://www.tenable.com/plugins/nessus/102376", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Fedora Security Advisory 
FEDORA-2017-0b8c45ebf7.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(102376);\n script_version(\"3.5\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/11\");\n\n script_cve_id(\"CVE-2017-11464\");\n script_xref(name:\"FEDORA\", value:\"2017-0b8c45ebf7\");\n\n script_name(english:\"Fedora 24 : mingw-librsvg2 (2017-0b8c45ebf7)\");\n script_summary(english:\"Checks rpm output for the updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Fedora host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"MinGW cross compiled librsvg 2.40.18 release, fixing CVE-2017-11464\n(division-by-zero in the Gaussian blur code).\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora update system website.\nTenable has attempted to automatically clean and format it as much as\npossible without introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bodhi.fedoraproject.org/updates/FEDORA-2017-0b8c45ebf7\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected mingw-librsvg2 package.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:mingw-librsvg2\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:fedoraproject:fedora:24\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2017/07/19\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2017/07/28\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2017/08/11\");\n 
script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2017-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Fedora Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Fedora\" >!< release) audit(AUDIT_OS_NOT, \"Fedora\");\nos_ver = pregmatch(pattern: \"Fedora.*release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Fedora\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^24([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Fedora 24\", \"Fedora \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Fedora\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"FC24\", reference:\"mingw-librsvg2-2.40.18-1.fc24\")) flag++;\n\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"mingw-librsvg2\");\n}\n", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2021-08-19T12:35:40", "description": "librsvg 2.40.18 release, fixing CVE-2017-11464 (division-by-zero in the Gaussian blur code). 
For details, see https://mail.gnome.org/archives/ftp-release-list/2017-July/msg00078.html\n\nNote that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website.\nTenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {"score": 7.8, "vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"}, "published": "2017-07-27T00:00:00", "type": "nessus", "title": "Fedora 25 : librsvg2 (2017-cf1a42722d)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2017-11464"], "modified": "2021-01-06T00:00:00", "cpe": ["p-cpe:/a:fedoraproject:fedora:librsvg2", "cpe:/o:fedoraproject:fedora:25"], "id": "FEDORA_2017-CF1A42722D.NASL", "href": "https://www.tenable.com/plugins/nessus/102007", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Fedora Security Advisory FEDORA-2017-cf1a42722d.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(102007);\n script_version(\"3.5\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/06\");\n\n script_cve_id(\"CVE-2017-11464\");\n script_xref(name:\"FEDORA\", value:\"2017-cf1a42722d\");\n\n script_name(english:\"Fedora 25 : librsvg2 (2017-cf1a42722d)\");\n script_summary(english:\"Checks rpm output for the updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Fedora host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"librsvg 2.40.18 release, fixing CVE-2017-11464 (division-by-zero in\nthe Gaussian blur code). 
For details, see\nhttps://mail.gnome.org/archives/ftp-release-list/2017-July/msg00078.ht\nml\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora update system website.\nTenable has attempted to automatically clean and format it as much as\npossible without introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bodhi.fedoraproject.org/updates/FEDORA-2017-cf1a42722d\"\n );\n # https://mail.gnome.org/archives/ftp-release-list/2017-July/msg00078.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?75083099\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected librsvg2 package.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:librsvg2\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:fedoraproject:fedora:25\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2017/07/19\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2017/07/24\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2017/07/27\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2017-2021 and is owned by Tenable, Inc. 
or an Affiliate thereof.\");\n script_family(english:\"Fedora Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Fedora\" >!< release) audit(AUDIT_OS_NOT, \"Fedora\");\nos_ver = pregmatch(pattern: \"Fedora.*release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Fedora\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^25([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Fedora 25\", \"Fedora \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Fedora\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"FC25\", reference:\"librsvg2-2.40.18-1.fc25\")) flag++;\n\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"librsvg2\");\n}\n", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2021-08-19T12:35:49", "description": "This update librsvg to version 2.40.18 fixes the following issues :\n\nSecurity issue fixed :\n\n - CVE-2017-11464: A SIGFPE is raised in the function box_blur_line of rsvg-filter.c. 
(bsc#1049607)\n\nThis update was imported from the SUSE:SLE-12-SP2:Update update project.", "cvss3": {"score": 7.8, "vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"}, "published": "2017-08-14T00:00:00", "type": "nessus", "title": "openSUSE Security Update : librsvg (openSUSE-2017-915)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2017-11464"], "modified": "2021-01-19T00:00:00", "cpe": ["p-cpe:/a:novell:opensuse:gdk-pixbuf-loader-rsvg", "p-cpe:/a:novell:opensuse:gdk-pixbuf-loader-rsvg-32bit", "p-cpe:/a:novell:opensuse:gdk-pixbuf-loader-rsvg-debuginfo", "p-cpe:/a:novell:opensuse:gdk-pixbuf-loader-rsvg-debuginfo-32bit", "p-cpe:/a:novell:opensuse:librsvg-2-2", "p-cpe:/a:novell:opensuse:librsvg-2-2-32bit", "p-cpe:/a:novell:opensuse:librsvg-2-2-debuginfo", "p-cpe:/a:novell:opensuse:librsvg-2-2-debuginfo-32bit", "p-cpe:/a:novell:opensuse:librsvg-debugsource", "p-cpe:/a:novell:opensuse:librsvg-devel", "p-cpe:/a:novell:opensuse:rsvg-thumbnailer", "p-cpe:/a:novell:opensuse:rsvg-view", "p-cpe:/a:novell:opensuse:rsvg-view-debuginfo", "p-cpe:/a:novell:opensuse:typelib-1_0-Rsvg-2_0", "cpe:/o:novell:opensuse:42.2", "cpe:/o:novell:opensuse:42.3"], "id": "OPENSUSE-2017-915.NASL", "href": "https://www.tenable.com/plugins/nessus/102469", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from openSUSE Security Update openSUSE-2017-915.\n#\n# The text description of this plugin is (C) SUSE LLC.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(102469);\n script_version(\"3.4\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/19\");\n\n script_cve_id(\"CVE-2017-11464\");\n\n script_name(english:\"openSUSE Security Update : librsvg (openSUSE-2017-915)\");\n script_summary(english:\"Check for the openSUSE-2017-915 patch\");\n\n script_set_attribute(\n attribute:\"synopsis\", 
\n value:\"The remote openSUSE host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"This update librsvg to version 2.40.18 fixes the following issues :\n\nSecurity issue fixed :\n\n - CVE-2017-11464: A SIGFPE is raised in the function\n box_blur_line of rsvg-filter.c. (bsc#1049607)\n\nThis update was imported from the SUSE:SLE-12-SP2:Update update\nproject.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1049607\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected librsvg packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:gdk-pixbuf-loader-rsvg\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:gdk-pixbuf-loader-rsvg-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:gdk-pixbuf-loader-rsvg-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:gdk-pixbuf-loader-rsvg-debuginfo-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:librsvg-2-2\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:librsvg-2-2-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:librsvg-2-2-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:librsvg-2-2-debuginfo-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:librsvg-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:librsvg-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:rsvg-thumbnailer\");\n 
script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:rsvg-view\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:rsvg-view-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:typelib-1_0-Rsvg-2_0\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:42.2\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:42.3\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2017/08/11\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2017/08/14\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2017-2021 Tenable Network Security, Inc.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release =~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"openSUSE\");\nif (release !~ \"^(SUSE42\\.2|SUSE42\\.3)$\") audit(AUDIT_OS_RELEASE_NOT, \"openSUSE\", \"42.2 / 42.3\", release);\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nourarch = get_kb_item(\"Host/cpu\");\nif (!ourarch) audit(AUDIT_UNKNOWN_ARCH);\nif (ourarch !~ \"^(i586|i686|x86_64)$\") audit(AUDIT_ARCH_NOT, \"i586 / i686 / x86_64\", ourarch);\n\nflag = 0;\n\nif ( rpm_check(release:\"SUSE42.2\", reference:\"gdk-pixbuf-loader-rsvg-2.40.18-9.3.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.2\", reference:\"gdk-pixbuf-loader-rsvg-debuginfo-2.40.18-9.3.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.2\", 
reference:\"librsvg-2-2-2.40.18-9.3.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.2\", reference:\"librsvg-2-2-debuginfo-2.40.18-9.3.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.2\", reference:\"librsvg-debugsource-2.40.18-9.3.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.2\", reference:\"librsvg-devel-2.40.18-9.3.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.2\", reference:\"rsvg-thumbnailer-2.40.18-9.3.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.2\", reference:\"rsvg-view-2.40.18-9.3.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.2\", reference:\"rsvg-view-debuginfo-2.40.18-9.3.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.2\", reference:\"typelib-1_0-Rsvg-2_0-2.40.18-9.3.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.2\", cpu:\"x86_64\", reference:\"gdk-pixbuf-loader-rsvg-32bit-2.40.18-9.3.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.2\", cpu:\"x86_64\", reference:\"gdk-pixbuf-loader-rsvg-debuginfo-32bit-2.40.18-9.3.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.2\", cpu:\"x86_64\", reference:\"librsvg-2-2-32bit-2.40.18-9.3.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.2\", cpu:\"x86_64\", reference:\"librsvg-2-2-debuginfo-32bit-2.40.18-9.3.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"gdk-pixbuf-loader-rsvg-2.40.18-12.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"gdk-pixbuf-loader-rsvg-debuginfo-2.40.18-12.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"librsvg-2-2-2.40.18-12.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"librsvg-2-2-debuginfo-2.40.18-12.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"librsvg-debugsource-2.40.18-12.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"librsvg-devel-2.40.18-12.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"rsvg-thumbnailer-2.40.18-12.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"rsvg-view-2.40.18-12.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", 
reference:\"rsvg-view-debuginfo-2.40.18-12.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"typelib-1_0-Rsvg-2_0-2.40.18-12.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", cpu:\"x86_64\", reference:\"gdk-pixbuf-loader-rsvg-32bit-2.40.18-12.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", cpu:\"x86_64\", reference:\"gdk-pixbuf-loader-rsvg-debuginfo-32bit-2.40.18-12.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", cpu:\"x86_64\", reference:\"librsvg-2-2-32bit-2.40.18-12.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", cpu:\"x86_64\", reference:\"librsvg-2-2-debuginfo-32bit-2.40.18-12.1\") ) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"gdk-pixbuf-loader-rsvg / gdk-pixbuf-loader-rsvg-32bit / etc\");\n}\n", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2021-08-19T12:07:20", "description": "According to the version of the librsvg2 packages installed, the EulerOS installation on the remote host is affected by the following vulnerability :\n\n - A SIGFPE is raised in the function box_blur_line of rsvg-filter.c in GNOME librsvg 2.40.17 during an attempted parse of a crafted SVG file, because of incorrect protection against division by zero.(CVE-2017-11464)\n\nNote that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. 
Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {"score": 7.8, "vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"}, "published": "2021-02-04T00:00:00", "type": "nessus", "title": "EulerOS 2.0 SP5 : librsvg2 (EulerOS-SA-2021-1205)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2017-11464"], "modified": "2021-02-08T00:00:00", "cpe": ["p-cpe:/a:huawei:euleros:librsvg2", "p-cpe:/a:huawei:euleros:librsvg2-devel", "p-cpe:/a:huawei:euleros:librsvg2-tools", "cpe:/o:huawei:euleros:2.0"], "id": "EULEROS_SA-2021-1205.NASL", "href": "https://www.tenable.com/plugins/nessus/146172", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(146172);\n script_version(\"1.2\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/02/08\");\n\n script_cve_id(\n \"CVE-2017-11464\"\n );\n\n script_name(english:\"EulerOS 2.0 SP5 : librsvg2 (EulerOS-SA-2021-1205)\");\n script_summary(english:\"Checks the rpm output for the updated package.\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote EulerOS host is missing a security update.\");\n script_set_attribute(attribute:\"description\", value:\n\"According to the version of the librsvg2 packages installed, the\nEulerOS installation on the remote host is affected by the following\nvulnerability :\n\n - A SIGFPE is raised in the function box_blur_line of\n rsvg-filter.c in GNOME librsvg 2.40.17 during an\n attempted parse of a crafted SVG file, because of\n incorrect protection against division by\n zero.(CVE-2017-11464)\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the EulerOS security advisory. 
Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\");\n # https://developer.huaweicloud.com/ict/en/site-euleros/euleros/security-advisories/EulerOS-SA-2021-1205\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?b3ba04ee\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected librsvg2 package.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2021/02/03\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2021/02/04\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:librsvg2\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:librsvg2-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:librsvg2-tools\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:huawei:euleros:2.0\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Huawei Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2021 and is owned by Tenable, Inc. 
or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/EulerOS/release\", \"Host/EulerOS/rpm-list\", \"Host/EulerOS/sp\");\n script_exclude_keys(\"Host/EulerOS/uvp_version\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nrelease = get_kb_item(\"Host/EulerOS/release\");\nif (isnull(release) || release !~ \"^EulerOS\") audit(AUDIT_OS_NOT, \"EulerOS\");\nif (release !~ \"^EulerOS release 2\\.0(\\D|$)\") audit(AUDIT_OS_NOT, \"EulerOS 2.0\");\n\nsp = get_kb_item(\"Host/EulerOS/sp\");\nif (isnull(sp) || sp !~ \"^(5)$\") audit(AUDIT_OS_NOT, \"EulerOS 2.0 SP5\");\n\nuvp = get_kb_item(\"Host/EulerOS/uvp_version\");\nif (!empty_or_null(uvp)) audit(AUDIT_OS_NOT, \"EulerOS 2.0 SP5\", \"EulerOS UVP \" + uvp);\n\nif (!get_kb_item(\"Host/EulerOS/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"aarch64\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"EulerOS\", cpu);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_ARCH_NOT, \"i686 / x86_64\", cpu);\n\nflag = 0;\n\npkgs = [\"librsvg2-2.40.16-1.h1.eulerosv2r7\",\n \"librsvg2-devel-2.40.16-1.h1.eulerosv2r7\",\n \"librsvg2-tools-2.40.16-1.h1.eulerosv2r7\"];\n\nforeach (pkg in pkgs)\n if (rpm_check(release:\"EulerOS-2.0\", sp:\"5\", reference:pkg)) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"librsvg2\");\n}\n", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2021-08-19T12:35:49", "description": 
"librsvg 2.40.18 release, fixing CVE-2017-11464 (division-by-zero in the Gaussian blur code). For details, see https://mail.gnome.org/archives/ftp-release-list/2017-July/msg00078.html\n\nNote that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website.\nTenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {"score": 7.8, "vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"}, "published": "2017-07-27T00:00:00", "type": "nessus", "title": "Fedora 24 : librsvg2 (2017-941058c1f1)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2017-11464"], "modified": "2021-01-06T00:00:00", "cpe": ["p-cpe:/a:fedoraproject:fedora:librsvg2", "cpe:/o:fedoraproject:fedora:24"], "id": "FEDORA_2017-941058C1F1.NASL", "href": "https://www.tenable.com/plugins/nessus/102003", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Fedora Security Advisory FEDORA-2017-941058c1f1.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(102003);\n script_version(\"3.5\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/06\");\n\n script_cve_id(\"CVE-2017-11464\");\n script_xref(name:\"FEDORA\", value:\"2017-941058c1f1\");\n\n script_name(english:\"Fedora 24 : librsvg2 (2017-941058c1f1)\");\n script_summary(english:\"Checks rpm output for the updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Fedora host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"librsvg 2.40.18 release, fixing CVE-2017-11464 (division-by-zero in\nthe Gaussian blur code). 
For details, see\nhttps://mail.gnome.org/archives/ftp-release-list/2017-July/msg00078.ht\nml\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora update system website.\nTenable has attempted to automatically clean and format it as much as\npossible without introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bodhi.fedoraproject.org/updates/FEDORA-2017-941058c1f1\"\n );\n # https://mail.gnome.org/archives/ftp-release-list/2017-July/msg00078.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?75083099\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected librsvg2 package.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:librsvg2\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:fedoraproject:fedora:24\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2017/07/19\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2017/07/24\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2017/07/27\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2017-2021 and is owned by Tenable, Inc. 
or an Affiliate thereof.\");\n script_family(english:\"Fedora Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Fedora\" >!< release) audit(AUDIT_OS_NOT, \"Fedora\");\nos_ver = pregmatch(pattern: \"Fedora.*release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Fedora\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^24([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Fedora 24\", \"Fedora \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Fedora\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"FC24\", reference:\"librsvg2-2.40.18-1.fc24\")) flag++;\n\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"librsvg2\");\n}\n", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2021-08-19T12:14:08", "description": "It was discovered that librsvg incorrectly handled parsing certain SVG files. A remote attacker could possibly use this issue to cause librsvg to crash, resulting in a denial of service. This issue only affected Ubuntu 16.04 LTS. (CVE-2017-11464) It was discovered that librsvg incorrectly handled parsing certain SVG files with nested patterns. 
A remote attacker could possibly use this issue to cause librsvg to consume resources and crash, resulting in a denial of service. (CVE-2019-20446).\n\nNote that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {"score": 7.8, "vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"}, "published": "2020-07-28T00:00:00", "type": "nessus", "title": "Ubuntu 16.04 LTS / 18.04 LTS : librsvg vulnerabilities (USN-4436-1)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2017-11464", "CVE-2019-20446"], "modified": "2020-11-30T00:00:00", "cpe": ["p-cpe:/a:canonical:ubuntu_linux:librsvg2-2", "cpe:/o:canonical:ubuntu_linux:16.04", "cpe:/o:canonical:ubuntu_linux:18.04:-:lts"], "id": "UBUNTU_USN-4436-1.NASL", "href": "https://www.tenable.com/plugins/nessus/139024", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Ubuntu Security Notice USN-4436-1. The text \n# itself is copyright (C) Canonical, Inc. See \n# <http://www.ubuntu.com/usn/>. 
Ubuntu(R) is a registered \n# trademark of Canonical, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(139024);\n script_version(\"1.3\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2020/11/30\");\n\n script_cve_id(\"CVE-2017-11464\", \"CVE-2019-20446\");\n script_xref(name:\"USN\", value:\"4436-1\");\n\n script_name(english:\"Ubuntu 16.04 LTS / 18.04 LTS : librsvg vulnerabilities (USN-4436-1)\");\n script_summary(english:\"Checks dpkg output for updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\",\n value:\"The remote Ubuntu host is missing a security-related patch.\"\n );\n script_set_attribute(\n attribute:\"description\",\n value:\n\"It was discovered that librsvg incorrectly handled parsing certain SVG\nfiles. A remote attacker could possibly use this issue to cause\nlibrsvg to crash, resulting in a denial of service. This issue only\naffected Ubuntu 16.04 LTS. (CVE-2017-11464) It was discovered that\nlibrsvg incorrectly handled parsing certain SVG files with nested\npatterns. A remote attacker could possibly use this issue to cause\nlibrsvg to consume resources and crash, resulting in a denial of\nservice. (CVE-2019-20446).\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Ubuntu security advisory. 
Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://usn.ubuntu.com/4436-1/\"\n );\n script_set_attribute(\n attribute:\"solution\",\n value:\"Update the affected librsvg2-2 package.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2017-11464\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:librsvg2-2\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:16.04\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:18.04:-:lts\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2017/07/19\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2020/07/27\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2020/07/28\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"Ubuntu Security Notice (C) 2020 Canonical, Inc. / NASL script (C) 2020 and is owned by Tenable, Inc. 
or an Affiliate thereof.\");\n script_family(english:\"Ubuntu Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/cpu\", \"Host/Ubuntu\", \"Host/Ubuntu/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"ubuntu.inc\");\ninclude(\"misc_func.inc\");\n\nif ( ! get_kb_item(\"Host/local_checks_enabled\") ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/Ubuntu/release\");\nif ( isnull(release) ) audit(AUDIT_OS_NOT, \"Ubuntu\");\nrelease = chomp(release);\nif (! preg(pattern:\"^(16\\.04|18\\.04)$\", string:release)) audit(AUDIT_OS_NOT, \"Ubuntu 16.04 / 18.04\", \"Ubuntu \" + release);\nif ( ! get_kb_item(\"Host/Debian/dpkg-l\") ) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Ubuntu\", cpu);\n\nflag = 0;\n\nif (ubuntu_check(osver:\"16.04\", pkgname:\"librsvg2-2\", pkgver:\"2.40.13-3ubuntu0.1\")) flag++;\nif (ubuntu_check(osver:\"18.04\", pkgname:\"librsvg2-2\", pkgver:\"2.40.20-2ubuntu0.1\")) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : ubuntu_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = ubuntu_pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"librsvg2-2\");\n}\n", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2021-08-19T12:14:00", "description": "Several vulnerabilities have been found in librsvg, an SVG rendering library. 
This update corrects some denial of service issues via exponential element processing, stack exhaustion or application crash when processing specially crafted files, as well as some memory safety issues.\n\nFor Debian 9 stretch, these problems have been fixed in version 2.40.21-0+deb9u1.\n\nWe recommend that you upgrade your librsvg packages.\n\nFor the detailed security status of librsvg please refer to its security tracker page at:\nhttps://security-tracker.debian.org/tracker/librsvg\n\nNOTE: Tenable Network Security has extracted the preceding description block directly from the DLA security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {"score": 7.8, "vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"}, "published": "2020-07-23T00:00:00", "type": "nessus", "title": "Debian DLA-2285-1 : librsvg security update", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2017-11464", "CVE-2019-20446"], "modified": "2020-07-27T00:00:00", "cpe": ["p-cpe:/a:debian:debian_linux:gir1.2-rsvg-2.0", "p-cpe:/a:debian:debian_linux:librsvg2-2", "p-cpe:/a:debian:debian_linux:librsvg2-bin", "p-cpe:/a:debian:debian_linux:librsvg2-common", "p-cpe:/a:debian:debian_linux:librsvg2-dev", "p-cpe:/a:debian:debian_linux:librsvg2-doc", "cpe:/o:debian:debian_linux:9.0"], "id": "DEBIAN_DLA-2285.NASL", "href": "https://www.tenable.com/plugins/nessus/138858", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Debian Security Advisory DLA-2285-1. 
The text\n# itself is copyright (C) Software in the Public Interest, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(138858);\n script_version(\"1.2\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2020/07/27\");\n\n script_cve_id(\"CVE-2017-11464\", \"CVE-2019-20446\");\n\n script_name(english:\"Debian DLA-2285-1 : librsvg security update\");\n script_summary(english:\"Checks dpkg output for the updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\",\n value:\"The remote Debian host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\",\n value:\n\"Several vulnerabilities have been found in librsvg, an SVG rendering\nlibrary. This update corrects some denial of service issues via\nexponential element processing, stack exhaustion or application crash\nwhen processing specially crafted files, as well as some memory safety\nissues.\n\nFor Debian 9 stretch, these problems have been fixed in version\n2.40.21-0+deb9u1.\n\nWe recommend that you upgrade your librsvg packages.\n\nFor the detailed security status of librsvg please refer to its\nsecurity tracker page at:\nhttps://security-tracker.debian.org/tracker/librsvg\n\nNOTE: Tenable Network Security has extracted the preceding description\nblock directly from the DLA security advisory. 
Tenable has attempted\nto automatically clean and format it as much as possible without\nintroducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://lists.debian.org/debian-lts-announce/2020/07/msg00016.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://packages.debian.org/source/stretch/librsvg\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/source-package/librsvg\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Upgrade the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:gir1.2-rsvg-2.0\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:librsvg2-2\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:librsvg2-bin\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:librsvg2-common\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:librsvg2-dev\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:librsvg2-doc\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:debian:debian_linux:9.0\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2017/07/19\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2020/07/22\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2020/07/23\");\n 
script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Debian Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Debian/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"debian_package.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Debian/release\")) audit(AUDIT_OS_NOT, \"Debian\");\nif (!get_kb_item(\"Host/Debian/dpkg-l\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\nif (deb_check(release:\"9.0\", prefix:\"gir1.2-rsvg-2.0\", reference:\"2.40.21-0+deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"librsvg2-2\", reference:\"2.40.21-0+deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"librsvg2-bin\", reference:\"2.40.21-0+deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"librsvg2-common\", reference:\"2.40.21-0+deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"librsvg2-dev\", reference:\"2.40.21-0+deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"librsvg2-doc\", reference:\"2.40.21-0+deb9u1\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:deb_report_get());\n else security_warning(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2021-08-19T12:13:37", "description": "USN-4436-1 fixed a vulnerability in librsvg. The upstream fix caused a regression when parsing certain SVG files. This update backs out the fix pending further investigation.\n\nIt was discovered that librsvg incorrectly handled parsing certain SVG files. 
A remote attacker could possibly use this issue to cause librsvg to crash, resulting in a denial of service. This issue only affected Ubuntu 16.04 LTS. (CVE-2017-11464)\n\nIt was discovered that librsvg incorrectly handled parsing certain SVG files with nested patterns. A remote attacker could possibly use this issue to cause librsvg to consume resources and crash, resulting in a denial of service. (CVE-2019-20446).\n\nNote that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {"score": 7.8, "vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"}, "published": "2020-07-30T00:00:00", "type": "nessus", "title": "Ubuntu 16.04 LTS / 18.04 LTS : librsvg regression (USN-4436-2)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2017-11464", "CVE-2019-20446"], "modified": "2020-11-30T00:00:00", "cpe": ["p-cpe:/a:canonical:ubuntu_linux:librsvg2-2", "cpe:/o:canonical:ubuntu_linux:16.04", "cpe:/o:canonical:ubuntu_linux:18.04:-:lts"], "id": "UBUNTU_USN-4436-2.NASL", "href": "https://www.tenable.com/plugins/nessus/139180", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Ubuntu Security Notice USN-4436-2. The text \n# itself is copyright (C) Canonical, Inc. See \n# <http://www.ubuntu.com/usn/>. 
Ubuntu(R) is a registered \n# trademark of Canonical, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(139180);\n script_version(\"1.4\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2020/11/30\");\n\n script_cve_id(\"CVE-2017-11464\", \"CVE-2019-20446\");\n script_xref(name:\"USN\", value:\"4436-2\");\n\n script_name(english:\"Ubuntu 16.04 LTS / 18.04 LTS : librsvg regression (USN-4436-2)\");\n script_summary(english:\"Checks dpkg output for updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\",\n value:\"The remote Ubuntu host is missing a security-related patch.\"\n );\n script_set_attribute(\n attribute:\"description\",\n value:\n\"USN-4436-1 fixed a vulnerability in librsvg. The upstream fix caused a\nregression when parsing certain SVG files. This update backs out the\nfix pending further investigation.\n\nIt was discovered that librsvg incorrectly handled parsing certain SVG\nfiles. A remote attacker could possibly use this issue to cause\nlibrsvg to crash, resulting in a denial of service. This issue only\naffected Ubuntu 16.04 LTS. (CVE-2017-11464) It was discovered that\nlibrsvg incorrectly handled parsing certain SVG files with nested\npatterns. A remote attacker could possibly use this issue to cause\nlibrsvg to consume resources and crash, resulting in a denial of\nservice. (CVE-2019-20446).\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Ubuntu security advisory. 
Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://usn.ubuntu.com/4436-2/\"\n );\n script_set_attribute(\n attribute:\"solution\",\n value:\"Update the affected librsvg2-2 package.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2017-11464\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:librsvg2-2\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:16.04\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:18.04:-:lts\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2017/07/19\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2020/07/29\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2020/07/30\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"Ubuntu Security Notice (C) 2020 Canonical, Inc. / NASL script (C) 2020 and is owned by Tenable, Inc. 
or an Affiliate thereof.\");\n script_family(english:\"Ubuntu Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/cpu\", \"Host/Ubuntu\", \"Host/Ubuntu/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"ubuntu.inc\");\ninclude(\"misc_func.inc\");\n\nif ( ! get_kb_item(\"Host/local_checks_enabled\") ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/Ubuntu/release\");\nif ( isnull(release) ) audit(AUDIT_OS_NOT, \"Ubuntu\");\nrelease = chomp(release);\nif (! preg(pattern:\"^(16\\.04|18\\.04)$\", string:release)) audit(AUDIT_OS_NOT, \"Ubuntu 16.04 / 18.04\", \"Ubuntu \" + release);\nif ( ! get_kb_item(\"Host/Debian/dpkg-l\") ) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Ubuntu\", cpu);\n\nflag = 0;\n\nif (ubuntu_check(osver:\"16.04\", pkgname:\"librsvg2-2\", pkgver:\"2.40.13-3ubuntu0.2\")) flag++;\nif (ubuntu_check(osver:\"18.04\", pkgname:\"librsvg2-2\", pkgver:\"2.40.20-2ubuntu0.2\")) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : ubuntu_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = ubuntu_pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"librsvg2-2\");\n}\n", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}], "redhatcve": [{"lastseen": "2021-09-02T22:48:54", "description": "A SIGFPE is raised in the function box_blur_line of rsvg-filter.c in GNOME librsvg 2.40.17 during an attempted parse of a crafted SVG file, because of incorrect protection against division by zero.\n", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", 
"availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 7.8, "privilegesRequired": "NONE", "vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "userInteraction": "REQUIRED", "version": "3.0"}, "impactScore": 5.9}, "published": "2017-07-24T14:18:51", "type": "redhatcve", "title": "CVE-2017-11464", "bulletinFamily": "info", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-11464"], "modified": "2019-10-12T00:20:23", "id": "RH:CVE-2017-11464", "href": "https://access.redhat.com/security/cve/cve-2017-11464", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}], "ubuntucve": [{"lastseen": "2021-11-22T21:41:17", "description": "A SIGFPE is raised in the function box_blur_line of rsvg-filter.c in GNOME\nlibrsvg 2.40.17 during an attempted parse of a crafted SVG file, because of\nincorrect protection against division by zero.\n\n#### Bugs\n\n * <https://bugs.launchpad.net/ubuntu/+source/librsvg/+bug/1697283>\n * <https://bugzilla.gnome.org/show_bug.cgi?id=783835>\n\n\n#### Notes\n\nAuthor| Note \n---|--- \n[leosilva](<https://launchpad.net/~leosilva>) | code affected is not present in trusty.\n", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 7.8, "privilegesRequired": "NONE", "vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "userInteraction": "REQUIRED", "version": "3.0"}, 
"impactScore": 5.9}, "published": "2017-07-19T00:00:00", "type": "ubuntucve", "title": "CVE-2017-11464", "bulletinFamily": "info", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-11464"], "modified": "2017-07-19T00:00:00", "id": "UB:CVE-2017-11464", "href": "https://ubuntu.com/security/CVE-2017-11464", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}], "mageia": [{"lastseen": "2022-04-18T11:19:34", "description": "Division-by-zero in the Gaussian blur code (CVE-2017-11464). \n", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 7.8, "vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.0", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2017-08-07T22:16:24", "type": "mageia", "title": "Updated librsvg packages fix security vulnerability\n", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, 
"cvelist": ["CVE-2017-11464"], "modified": "2017-08-07T22:16:24", "id": "MGASA-2017-0247", "href": "https://advisories.mageia.org/MGASA-2017-0247.html", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}], "cve": [{"lastseen": "2022-03-23T12:36:12", "description": "A SIGFPE is raised in the function box_blur_line of rsvg-filter.c in GNOME librsvg 2.40.17 during an attempted parse of a crafted SVG file, because of incorrect protection against division by zero.", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 7.8, "vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.0", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2017-07-19T21:29:00", "type": "cve", "title": "CVE-2017-11464", "cwe": ["CWE-369"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-11464"], "modified": "2020-07-28T22:15:00", "cpe": ["cpe:/a:gnome:librsvg:2.40.17"], "id": "CVE-2017-11464", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-11464", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}, "cpe23": ["cpe:2.3:a:gnome:librsvg:2.40.17:*:*:*:*:*:*:*"]}], "debiancve": [{"lastseen": "2022-01-29T07:32:18", "description": "A SIGFPE is raised in the function box_blur_line of rsvg-filter.c in GNOME librsvg 2.40.17 during 
an attempted parse of a crafted SVG file, because of incorrect protection against division by zero.", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 7.8, "privilegesRequired": "NONE", "vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "userInteraction": "REQUIRED", "version": "3.0"}, "impactScore": 5.9}, "published": "2017-07-19T21:29:00", "type": "debiancve", "title": "CVE-2017-11464", "bulletinFamily": "info", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-11464"], "modified": "2017-07-19T21:29:00", "id": "DEBIANCVE:CVE-2017-11464", "href": "https://security-tracker.debian.org/tracker/CVE-2017-11464", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}], "ubuntu": [{"lastseen": "2022-01-04T11:18:12", "description": "USN-4436-1 fixed a vulnerability in librsvg. The upstream fix caused a \nregression when parsing certain SVG files. This update backs out the fix \npending further investigation.\n\nOriginal advisory details:\n\nIt was discovered that librsvg incorrectly handled parsing certain SVG \nfiles. A remote attacker could possibly use this issue to cause librsvg to \ncrash, resulting in a denial of service. This issue only affected Ubuntu \n16.04 LTS. (CVE-2017-11464)\n\nIt was discovered that librsvg incorrectly handled parsing certain SVG \nfiles with nested patterns. 
A remote attacker could possibly use this issue \nto cause librsvg to consume resources and crash, resulting in a denial of \nservice. (CVE-2019-20446)\n", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 7.8, "privilegesRequired": "NONE", "vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "userInteraction": "REQUIRED", "version": "3.0"}, "impactScore": 5.9}, "published": "2020-07-29T00:00:00", "type": "ubuntu", "title": "librsvg regression", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2019-20446", "CVE-2017-11464"], "modified": "2020-07-29T00:00:00", "id": "USN-4436-2", "href": "https://ubuntu.com/security/notices/USN-4436-2", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2022-01-04T11:18:37", "description": "It was discovered that librsvg incorrectly handled parsing certain SVG \nfiles. A remote attacker could possibly use this issue to cause librsvg to \ncrash, resulting in a denial of service. This issue only affected Ubuntu \n16.04 LTS. (CVE-2017-11464)\n\nIt was discovered that librsvg incorrectly handled parsing certain SVG \nfiles with nested patterns. A remote attacker could possibly use this issue \nto cause librsvg to consume resources and crash, resulting in a denial of \nservice. 
(CVE-2019-20446)\n", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 7.8, "privilegesRequired": "NONE", "vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "userInteraction": "REQUIRED", "version": "3.0"}, "impactScore": 5.9}, "published": "2020-07-27T00:00:00", "type": "ubuntu", "title": "librsvg vulnerabilities", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2019-20446", "CVE-2017-11464"], "modified": "2020-07-27T00:00:00", "id": "USN-4436-1", "href": "https://ubuntu.com/security/notices/USN-4436-1", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}], "cloudfoundry": [{"lastseen": "2021-08-11T17:39:12", "description": "# \n\n## Severity\n\nUnknown\n\n## Vendor\n\nCanonical Ubuntu\n\n## Versions Affected\n\n * Canonical Ubuntu 18.04\n\n## Description\n\nUSN-4436-1 fixed a vulnerability in librsvg. The upstream fix caused a regression when parsing certain SVG files. This update backs out the fix pending further investigation.\n\nOriginal advisory details:\n\nIt was discovered that librsvg incorrectly handled parsing certain SVG files. A remote attacker could possibly use this issue to cause librsvg to crash, resulting in a denial of service. This issue only affected Ubuntu 16.04 LTS. 
(CVE-2017-11464)\n\nIt was discovered that librsvg incorrectly handled parsing certain SVG files with nested patterns. A remote attacker could possibly use this issue to cause librsvg to consume resources and crash, resulting in a denial of service. (CVE-2019-20446)\n\n## Affected Cloud Foundry Products and Versions\n\n_Severity is unknown unless otherwise noted._\n\n * cflinuxfs3 \n * All versions prior to 0.202.0\n * CF Deployment \n * All versions prior to v13.12.0\n\n## Mitigation\n\nUsers of affected products are strongly encouraged to follow the mitigations below. The Cloud Foundry project recommends upgrading the following releases:\n\n * cflinuxfs3 \n * Upgrade All versions to 0.202.0 or greater\n * CF Deployment \n * Upgrade All versions to v13.12.0 or greater\n\n## References\n\n * [USN Notice](<https://usn.ubuntu.com/4436-2/>)\n\n## History\n\n2020-08-27: Initial vulnerability report published.\n", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 7.8, "privilegesRequired": "NONE", "vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "userInteraction": "REQUIRED", "version": "3.0"}, "impactScore": 5.9}, "published": "2020-08-27T00:00:00", "type": "cloudfoundry", "title": "USN-4436-2: librsvg regression | Cloud Foundry", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": 
["CVE-2017-11464", "CVE-2019-20446"], "modified": "2020-08-27T00:00:00", "id": "CFOUNDRY:8056D7E25CF4EAEC43FF63CB4179B665", "href": "https://www.cloudfoundry.org/blog/usn-4436-2/", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2021-08-11T17:39:14", "description": "# \n\n## Severity\n\nMedium\n\n## Vendor\n\nCanonical Ubuntu\n\n## Versions Affected\n\n * Canonical Ubuntu 18.04\n\n## Description\n\nIt was discovered that librsvg incorrectly handled parsing certain SVG files. A remote attacker could possibly use this issue to cause librsvg to crash, resulting in a denial of service. This issue only affected Ubuntu 16.04 LTS. (CVE-2017-11464)\n\nIt was discovered that librsvg incorrectly handled parsing certain SVG files with nested patterns. A remote attacker could possibly use this issue to cause librsvg to consume resources and crash, resulting in a denial of service. (CVE-2019-20446)\n\nCVEs contained in this USN include: CVE-2017-11464, CVE-2019-20446.\n\n## Affected Cloud Foundry Products and Versions\n\n_Severity is medium unless otherwise noted._\n\n * cflinuxfs3 \n * All versions prior to 0.201.0\n * CF Deployment \n * All versions prior to v13.11.0\n\n## Mitigation\n\nUsers of affected products are strongly encouraged to follow the mitigations below. 
The Cloud Foundry project recommends upgrading the following releases:\n\n * cflinuxfs3 \n * Upgrade All versions to 0.201.0 or greater\n * CF Deployment \n * Upgrade All versions to v13.11.0 or greater\n\n## References\n\n * [USN Notice](<https://usn.ubuntu.com/4436-1/>)\n * [CVE-2017-11464](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-11464>)\n * [CVE-2019-20446](<https://people.canonical.com/~ubuntu-security/cve/CVE-2019-20446>)\n\n## History\n\n2020-08-27: Initial vulnerability report published.\n", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 7.8, "privilegesRequired": "NONE", "vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "userInteraction": "REQUIRED", "version": "3.0"}, "impactScore": 5.9}, "published": "2020-08-27T00:00:00", "type": "cloudfoundry", "title": "USN-4436-1: librsvg vulnerabilities | Cloud Foundry", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-11464", "CVE-2019-20446"], "modified": "2020-08-27T00:00:00", "id": "CFOUNDRY:A705642DDDE9A3B76484AF568F527C6D", "href": "https://www.cloudfoundry.org/blog/usn-4436-1/", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}], "debian": [{"lastseen": "2021-10-22T11:20:13", "description": "- -------------------------------------------------------------------------\nDebian LTS Advisory 
DLA-2285-1 debian-lts@lists.debian.org\nhttps://www.debian.org/lts/security/ Emilio Pozuelo Monfort\nJuly 22, 2020 https://wiki.debian.org/LTS\n- -------------------------------------------------------------------------\n\nPackage : librsvg\nVersion : 2.40.21-0+deb9u1\nCVE ID : CVE-2017-11464 CVE-2019-20446\n\nSeveral vulnerabilities have been found in librsvg, an SVG rendering\nlibrary. This update corrects some denial of service issues via\nexponential element processing, stack exhaustion or application crash\nwhen processing specially crafted files, as well as some memory safety\nissues.\n\nFor Debian 9 stretch, these problems have been fixed in version\n2.40.21-0+deb9u1.\n\nWe recommend that you upgrade your librsvg packages.\n\nFor the detailed security status of librsvg please refer to\nits security tracker page at:\nhttps://security-tracker.debian.org/tracker/librsvg\n\nFurther information about Debian LTS security advisories, how to apply\nthese updates to your system and frequently asked questions can be\nfound at: https://wiki.debian.org/LTS", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 7.8, "privilegesRequired": "NONE", "vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "userInteraction": "REQUIRED", "version": "3.0"}, "impactScore": 5.9}, "published": "2020-07-22T11:06:01", "type": "debian", "title": "[SECURITY] [DLA 2285-1] librsvg security update", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": 
"2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-11464", "CVE-2019-20446"], "modified": "2020-07-22T11:06:01", "id": "DEBIAN:DLA-2285-1:1B321", "href": "https://lists.debian.org/debian-lts-announce/2020/07/msg00016.html", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2022-01-04T15:09:53", "description": "- -------------------------------------------------------------------------\nDebian LTS Advisory DLA-2285-1 debian-lts@lists.debian.org\nhttps://www.debian.org/lts/security/ Emilio Pozuelo Monfort\nJuly 22, 2020 https://wiki.debian.org/LTS\n- -------------------------------------------------------------------------\n\nPackage : librsvg\nVersion : 2.40.21-0+deb9u1\nCVE ID : CVE-2017-11464 CVE-2019-20446\n\nSeveral vulnerabilities have been found in librsvg, an SVG rendering\nlibrary. This update corrects some denial of service issues via\nexponential element processing, stack exhaustion or application crash\nwhen processing specially crafted files, as well as some memory safety\nissues.\n\nFor Debian 9 stretch, these problems have been fixed in version\n2.40.21-0+deb9u1.\n\nWe recommend that you upgrade your librsvg packages.\n\nFor the detailed security status of librsvg please refer to\nits security tracker page at:\nhttps://security-tracker.debian.org/tracker/librsvg\n\nFurther information about Debian LTS security advisories, how to apply\nthese updates to your system and frequently asked questions can be\nfound at: https://wiki.debian.org/LTS", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 7.8, "privilegesRequired": "NONE", "vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "userInteraction": "REQUIRED", "version": "3.0"}, 
"impactScore": 5.9}, "published": "2020-07-22T11:06:01", "type": "debian", "title": "[SECURITY] [DLA 2285-1] librsvg security update", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-11464", "CVE-2019-20446"], "modified": "2020-07-22T11:06:01", "id": "DEBIAN:DLA-2285-1:9BF97", "href": "https://lists.debian.org/debian-lts-announce/2020/07/msg00016.html", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}]}