Denial of Service Vulnerability in librsvg from GNOME
CVE-2011-3146

Currently unrated

Key Information:

Vendor

Gnome
Status
Librsvg
Vendor
CVE Published:
5 September 2012

What is CVE-2011-3146?

The librsvg library prior to version 2.34.1 has a flaw where the node name is improperly used to determine the node type. This vulnerability allows attackers to craft SVG files containing nodes with names beginning with 'fe', which can lead to a NULL pointer dereference, resulting in a denial of service. Additionally, there's a possibility for attackers to execute arbitrary code due to this misidentification of the node type as a RsvgFilterPrimitive.

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.

Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.

Deploy the Patch

References

http://ftp.gnome.org/pub/GNOME/sources/librsvg/2.34/librs...
x_refsource_CONFIRM
http://secunia.com/advisories/45877
third-party-advisoryx_refsource_SECUNIA
https://bugs.launchpad.net/ubuntu/+source/librsvg/+bug/82...
x_refsource_MISC

Timeline

  • Vulnerability Reserved

  • Vulnerability published

JSON
.