282 matches found
UBUNTU-CVE-2023-38633
A directory traversal problem in the URL decoder of librsvg before 2.56.3 could be used by local or remote attackers to disclose files on the local filesystem outside of the expected area, as demonstrated by href=".?../../../../../../../../../../etc/passwd" in an xi:include element...
Directory traversal
A directory traversal problem in the URL decoder of librsvg before 2.56.3 could be used by local or remote attackers to disclose files on the local filesystem outside of the expected area, as demonstrated by href=".?../../../../../../../../../../etc/passwd" in an xi:include element...
CVE-2023-38633
CVE-2023-38633 relates to a directory traversal in the URL decoder of librsvg up to version 2.56.3. The vulnerability could allow local or remote attackers to disclose files on the local filesystem outside the intended area, demonstrated via href=".?../../../../../../../../../../etc/passwd" in an...
librsvg 路径遍历漏洞
librsvg is the GNOME project's library for rendering SVG images to the Cairo surface, which is used by GNOME to render SVG icons. It is used by GNOME to render SVG icons. It is also used by other desktop environments outside of GNOME for similar purposes. Wikimedia uses it for Wikipedia's SVG...
CVE-2023-38633
A directory traversal problem in the URL decoder of librsvg before 2.56.3 could be used by local or remote attackers to disclose files on the local filesystem outside of the expected area, as demonstrated by href=".?../../../../../../../../../../etc/passwd" in an xi:include element...
CVE-2023-38633
A directory traversal problem in the URL decoder of librsvg before 2.56.3 could be used by local or remote attackers to disclose files on the local filesystem outside of the expected area, as demonstrated by href=".?../../../../../../../../../../etc/passwd" in an xi:include element...
PT-2023-4918 · Librsvg +8 · Librsvg +8
Name of the Vulnerable Software and Affected Versions: librsvg versions prior to 2.56.3 Description: The issue is related to a directory traversal problem in the URL decoder of librsvg. This problem can be exploited by local or remote attackers to disclose files on the local filesystem outside of...
Debian: Security Advisory (DLA-477-1)
The remote host is missing an update for the Debian SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
Debian: Security Advisory (DLA-395-1)
The remote host is missing an update for the Debian SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
SUSE CVE-2011-3146
librsvg before 2.34.1 uses the node name to identify the type of node, which allows context-dependent attackers to cause a denial of service NULL pointer dereference and possibly execute arbitrary code via a SVG file with a node with the element name starting with "fe," which is misidentified as ...
SUSE CVE-2015-7557
The rsvgnodepolybuildpath function in rsvg-shapes.c in librsvg before 2.40.7 allows context-dependent attackers to cause a denial of service out-of-bounds heap read via an odd number of elements in a coordinate pair in an SVG document...
SUSE CVE-2015-7558
librsvg before 2.40.12 allows context-dependent attackers to cause a denial of service infinite loop, stack consumption, and application crash via cyclic references in an SVG document...
SUSE CVE-2016-4348
The rsvgcssnormalizefontsize function in librsvg 2.40.2 allows context-dependent attackers to cause a denial of service stack consumption and application crash via circular definitions in an SVG document...
SUSE CVE-2017-11464
A SIGFPE is raised in the function boxblurline of rsvg-filter.c in GNOME librsvg 2.40.17 during an attempted parse of a crafted SVG file, because of incorrect protection against division by zero...
SUSE CVE-2018-1000041
GNOME librsvg version before commit c6ddf2ed4d768fd88adbea2b63f575cd523022ea contains a Improper input validation vulnerability in rsvg-io.c that can result in the victim's Windows username and NTLM password hash being leaked to remote attackers through SMB. This attack appear to be exploitable v...
SUSE CVE-2019-20446
In xml.rs in GNOME librsvg before 2.46.2, a crafted SVG file with nested patterns can cause denial of service when passed to the library for processing. The attacker constructs pattern elements so that the number of final rendered objects grows exponentially...
GHSA-J984-Q4QC-6QXF librsvg DoS via Cyclic References
librsvg before 2.40.12 allows context-dependent attackers to cause a denial of service infinite loop, stack consumption, and application crash via cyclic references in an SVG document...
librsvg DoS via Cyclic References
librsvg before 2.40.12 allows context-dependent attackers to cause a denial of service infinite loop, stack consumption, and application crash via cyclic references in an SVG document...
Mageia: Security Advisory (MGASA-2021-0234)
The remote host is missing an update for the SPDX-FileCopyrightText: 2022 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
Mageia: Security Advisory (MGASA-2018-0297)
The remote host is missing an update for the SPDX-FileCopyrightText: 2022 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...