17 matches found
MiracleLinux 8 : librsvg2-2.42.7-4.0.1.el8 (AXSA:2021-1255:01)
The remote MiracleLinux 8 host has packages installed that are affected by a vulnerability as referenced in the AXSA:2021-1255:01 advisory. librsvg: Resource exhaustion via crafted SVG file with nested patterns CVE-2019-20446 Tenable has extracted the preceding description block directly from the...
EUVD-2011-3114
Malware in sbrugna...
EUVD-2015-7471
Malware in sbrugna...
EUVD-2022-4321
Malicious code in bioql PyPI...
librsvg 路径遍历漏洞
librsvg is the GNOME project's library for rendering SVG images to the Cairo surface, which is used by GNOME to render SVG icons. It is used by GNOME to render SVG icons. It is also used by other desktop environments outside of GNOME for similar purposes. Wikimedia uses it for Wikipedia's SVG...
SUSE CVE-2016-4348
The rsvgcssnormalizefontsize function in librsvg 2.40.2 allows context-dependent attackers to cause a denial of service stack consumption and application crash via circular definitions in an SVG document...
SUSE CVE-2018-1000041
GNOME librsvg version before commit c6ddf2ed4d768fd88adbea2b63f575cd523022ea contains a Improper input validation vulnerability in rsvg-io.c that can result in the victim's Windows username and NTLM password hash being leaked to remote attackers through SMB. This attack appear to be exploitable v...
The vulnerability of many functions in the librsvg vector graphics rendering library, related to a resource management mechanism error, allows attackers to cause service failures.
The vulnerability of many functions in the librsvg vector graphics rendering library is related to a resource management mechanism error. Exploiting this vulnerability allows an attacker to cause service interruptions...
Denial Of Service (DoS)
librsvg is vulnerable to denial of service. An attacker is able to cause a resource exhaustion via a malicious SVG file containing nested patterns...
GNOME librsvg xml.rs file denial of service vulnerability
GNOME librsvg is an open source SVG graphics development library for the GNOME project. A security vulnerability exists in the xml.rs file in GNOME librsvg versions prior to 2.46.2. An attacker can exploit this vulnerability to cause a denial of service with a specially crafted SVG file...
CVE-2015-7557
The rsvgnodepolybuildpath function in rsvg-shapes.c in librsvg before 2.40.7 allows context-dependent attackers to cause a denial of service out-of-bounds heap read via an odd number of elements in a coordinate pair in an SVG document...
CVE-2016-4348
The rsvgcssnormalizefontsize function in librsvg 2.40.2 allows context-dependent attackers to cause a denial of service stack consumption and application crash via circular definitions in an SVG document...
librsvg2 Out-of-Bounds Heap Read Vulnerability
librsvg2 is an SVG rendering engine written in C. It can be used to render a number of SVG files. A security vulnerability exists in librsvg2. An attacker can exploit this vulnerability to cause an out-of-bounds heap read with an SVG file...
LibRSVG '_rsvg_css_normalize_font_size' function denial of service vulnerability
LibRSVG is a SVG rendering engine written in C . A security vulnerability in the 'rsvgcssnormalizefontsize' function of LibRSVG allows remote attackers to cause a denial-of-service attack by exploiting the vulnerability to crash applications linking to this library...
Ubuntu 12.04 LTS / 12.10 / 13.10 : librsvg vulnerability (USN-2149-1)
It was discovered that librsvg would load XML external entities by default. If a user were tricked into viewing a specially crafted SVG file, an attacker could possibly obtain access to arbitrary files. Note that Tenable Network Security has extracted the preceding description block directly from...
Null pointer dereference
librsvg before 2.34.1 uses the node name to identify the type of node, which allows context-dependent attackers to cause a denial of service NULL pointer dereference and possibly execute arbitrary code via a SVG file with a node with the element name starting with "fe," which is misidentified as ...
CVE-2011-3146
librsvg before 2.34.1 uses the node name to identify the type of node, which allows context-dependent attackers to cause a denial of service NULL pointer dereference and possibly execute arbitrary code via a SVG file with a node with the element name starting with "fe," which is misidentified as ...