2036 matches found
DEBIAN-CVE-2016-4348
The _rsvg_css_normalize_font_size function in librsvg 2.40.2 allows context-dependent attackers to cause a denial of service (stack consumption and application crash) via circular definitions in an SVG document...
DEBIAN-CVE-2015-7557
The _rsvg_node_poly_build_path function in rsvg-shapes.c in librsvg before 2.40.7 allows context-dependent attackers to cause a denial of service (out-of-bounds heap read) via an odd number of elements in a coordinate pair in an SVG document...
UBUNTU-CVE-2016-4348
The _rsvg_css_normalize_font_size function in librsvg 2.40.2 allows context-dependent attackers to cause a denial of service (stack consumption and application crash) via circular definitions in an SVG document...
UBUNTU-CVE-2015-7557
The _rsvg_node_poly_build_path function in rsvg-shapes.c in librsvg before 2.40.7 allows context-dependent attackers to cause a denial of service (out-of-bounds heap read) via an odd number of elements in a coordinate pair in an SVG document...
UBUNTU-CVE-2015-7558
librsvg before 2.40.12 allows context-dependent attackers to cause a denial of service (infinite loop, stack consumption, and application crash) via cyclic references in an SVG document...
librsvg2 Out-of-Bounds Heap Read Vulnerability
librsvg2 is an SVG rendering engine written in C. It can be used to render a number of SVG files. A security vulnerability exists in librsvg2. An attacker can exploit this vulnerability to cause an out-of-bounds heap read with an SVG file...
RoundCube Webmail Cross-Site Scripting Vulnerability (CNVD-2016-02711)
RoundCube Webmail is a browser-based IMAP mail client. A cross-site scripting vulnerability exists in RoundCube Webmail, which can be exploited to inject arbitrary web script or HTML with the help of specially crafted SVG image files...
PT-2017-8454
Name of the Vulnerable Software and Affected Versions: Roundcube Webmail versions prior to 1.0.9; Roundcube Webmail versions 1.1.x prior to 1.1.5. Description: A cross-site scripting (XSS) issue allows remote attackers to inject arbitrary web script or HTML via a crafted SVG. Recommendations: For versio...
The vulnerability of the Thunderbird email client, as well as the Firefox and Firefox ESR browsers, allows a hacker to trigger a service failure or execute arbitrary code.
The vulnerability of the nsScannerString::AppendUnicodeTo function in Thunderbird email clients, as well as in Firefox and Firefox ESR browsers, arises due to buffer overflows. Exploiting this vulnerability allows an attacker to execute arbitrary code or cause a service failure (memory exhaustion ...
batik: XML External Entity (XXE) injection in SVG parsing
It was found that batik was vulnerable to XML External Entity attacks when parsing SVG files. A remote attacker able to send malicious SVG content to the affected server could use this flaw to read files accessible to the user running the application server, and potentially perform other more...
Cross-site Scripting (XSS)
Overview: angularjs is a Affected versions of this package are vulnerable to Cross-site Scripting (XSS) via the SVG element. The element can reference external SVG's (same origin) and can include xlink:href javascript urls or foreign object that can execute XSS. The change disallows elements in...
Mozilla: Vulnerabilities found through code inspection (MFSA 2015-131)
The (1) AddWeightedPathSegLists and (2) SVGPathSegListSMILType::Interpolate functions in Mozilla Firefox before 42.0 and Firefox ESR 38.x before 38.4 lack status checking, which allows remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via a...
UBUNTU-CVE-2015-4518
The Reader View implementation in Mozilla Firefox before 42.0 has an improper whitelist, which makes it easier for remote attackers to bypass the Content Security Policy (CSP) protection mechanism and conduct cross-site scripting (XSS) attacks via vectors involving SVG animations and the about:reader...
RHEL 6 / 7 : libwmf (RHSA-2015:1917)
Updated libwmf packages that fix multiple security issues are now available for Red Hat Enterprise Linux 6 and 7. Red Hat Product Security has rated this update as having Important security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are...
Oracle Linux 6 / 7 : libwmf (ELSA-2015-1917)
The remote Oracle Linux 6 / 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2015-1917 advisory. - Resolves: rhbz1227428 - CVE-2015-0848 CVE-2015-4588 CVE-2015-4695 CVE-2015-4696 Tenable has extracted the preceding description block directly fr...
libwmf security update
CentOS Errata and Security Advisory CESA-2015:1917. Updated libwmf packages that fix multiple security issues are now available for Red Hat Enterprise Linux 6 and 7. Red Hat Product Security has rated this update as having Important security impact. Common Vulnerability Scoring System (CVSS) base...
[SECURITY] Fedora 22 Update: libwmf-0.2.8.4-46.fc22
A library for reading and converting Windows MetaFile vector graphics (WMF)...
[SECURITY] Fedora 23 Update: libwmf-0.2.8.4-46.fc23
A library for reading and converting Windows MetaFile vector graphics (WMF)...
[SECURITY] Fedora 21 Update: libwmf-0.2.8.4-45.fc21
A library for reading and converting Windows MetaFile vector graphics (WMF)...
[SECURITY] Fedora 21 Update: batik-1.8-0.18.svn1230816.fc21
Batik is a Java(tm) technology based toolkit for applications that want to use images in the Scalable Vector Graphics (SVG) format for various purposes, such as viewing, generation or manipulation...