Denial of Service Vulnerability in librsvg from GNOME
CVE-2011-3146

Currently unrated

Key Information:

Vendor: GNOME

CVE Published: 5 September 2012

What is CVE-2011-3146?

The librsvg library prior to version 2.34.1 uses a node's name, rather than its actual type, to determine the node type. An attacker can craft an SVG file containing a node whose name begins with 'fe', which librsvg then misidentifies as an RsvgFilterPrimitive. This leads to a NULL pointer dereference and a denial of service, and possibly to arbitrary code execution.
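The flawed name-based check described above, next to a check on an explicit type tag, as an added example that is not librsvg's own code. The struct layout, the function names and the sample nodes are constructed for illustration; only the 'fe' prefix and the filter-primitive concept come from the description.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Constructed model of a parsed SVG node (assumption, not librsvg's layout). */
typedef enum { NODE_GENERIC, NODE_FILTER_PRIMITIVE } node_type;

typedef struct {
    node_type type;    /* assigned by the constructor that built the node */
    const char *name;  /* element name copied from the SVG file (untrusted) */
} node;

typedef struct {
    node base;
    int (*render)(void);  /* present only on real filter primitives */
} filter_primitive;

static int render_blur(void) { return 1; }

/* Constructed samples: an unknown element with an "fe" name, and a real primitive. */
static const node sample_bogus = { NODE_GENERIC, "feBogus" };
static const filter_primitive sample_blur =
    { { NODE_FILTER_PRIMITIVE, "feGaussianBlur" }, render_blur };

/* Flawed check: trusts the first two characters of the element name. */
static int is_primitive_by_name(const node *n) {
    return n->name != NULL && strncmp(n->name, "fe", 2) == 0;
}

/* Hardened check: trusts only the type tag set at construction time. */
static int is_primitive_by_type(const node *n) {
    return n->type == NODE_FILTER_PRIMITIVE;
}

/* Renders a filter child; returns -1 when the node is rejected. The downcast
 * happens only after the type tag has confirmed what the node really is. */
static int render_child(const node *n) {
    if (!is_primitive_by_type(n) || ((const filter_primitive *)n)->render == NULL)
        return -1;
    return ((const filter_primitive *)n)->render();
}

int main(void) {
    printf("feBogus: by_name=%d by_type=%d render=%d\n",
           is_primitive_by_name(&sample_bogus),
           is_primitive_by_type(&sample_bogus), render_child(&sample_bogus));
    printf("feGaussianBlur: render=%d\n", render_child(&sample_blur.base));
    return 0;
}
```

The name check accepts `feBogus` even though it was never built as a filter primitive, which is the misidentification the CVE describes; the tag check rejects it before any downcast.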
