Lucene search

[email protected]NVD:CVE-2011-3146

HistorySep 05, 2012 - 11:55 p.m.

CVE-2011-3146

2012-09-0523:55:01

[email protected]

web.nvd.nist.gov

CVSS2

6.8

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:P/I:P/A:P

AI Score

7.3

Confidence

Low

EPSS

0.007

Percentile

81.0%

JSON

librsvg before 2.34.1 uses the node name to identify the type of node, which allows context-dependent attackers to cause a denial of service (NULL pointer dereference) and possibly execute arbitrary code via a SVG file with a node with the element name starting with “fe,” which is misidentified as a RsvgFilterPrimitive.

Affected configurations

Nvd

Node

gnomelibrsvgRange≤2.34.0

VendorProductVersionCPE
gnomelibrsvg*cpe:2.3:a:gnome:librsvg:*:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
gnome	librsvg	*	cpe:2.3:a:gnome:librsvg::::::::

References

ftp.gnome.org/pub/GNOME/sources/librsvg/2.34/librsvg-2.34.1.news

git.gnome.org/browse/librsvg/commit/?id=34c95743ca692ea0e44778e41a7c0a129363de84

lists.fedoraproject.org/pipermail/package-announce/2011-September/065730.html

lists.fedoraproject.org/pipermail/package-announce/2011-September/065739.html

lists.fedoraproject.org/pipermail/package-announce/2011-September/066127.html

rhn.redhat.com/errata/RHSA-2011-1289.html

secunia.com/advisories/45877

bugs.launchpad.net/ubuntu/+source/librsvg/+bug/825497

bugzilla.gnome.org/show_bug.cgi?id=658014

bugzilla.redhat.com/show_bug.cgi?id=734936

CVSS2

6.8

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:P/I:P/A:P

AI Score

7.3

Confidence

Low

EPSS

0.007

Percentile

81.0%

JSON

Related for NVD:CVE-2011-3146

nessus11 openvas12 fedora3 redhat1 debiancve1 cve1 prion1 cvelist1 ubuntu1 securityvulns2 oraclelinux2 ubuntucve1 kitploit1