(Note CVE-2016-4347 is a duplicate of CVE-2015-7558)
Two DoS in librsvg 2.40.2 parsing SVGs with circular definitions were
found (they will produce stack exhaustion) by Gustavo Grieco.
The version in wheezy (2.36.1-2+deb7u1) is also vulnerable.
For Debian 7 Wheezy, these problems have been fixed in version
2.36.1-2+deb7u2.
We recommend that you upgrade your librsvg packages.