CVE-2011-3146

Currently unrated

Key Information:

Vendor: Gnome
Status: Librsvg
Vendor: CVE Published:; 5 September 2012

Summary

librsvg before 2.34.1 uses the node name to identify the type of node, which allows context-dependent attackers to cause a denial of service (NULL pointer dereference) and possibly execute arbitrary code via a SVG file with a node with the element name starting with "fe," which is misidentified as a RsvgFilterPrimitive.

References

http://ftp.gnome.org/pub/GNOME/sources/librsvg/2.34/librs...

x_refsource_CONFIRM

http://secunia.com/advisories/45877

third-party-advisoryx_refsource_SECUNIA

https://bugs.launchpad.net/ubuntu/+source/librsvg/+bug/82...

x_refsource_MISC

Timeline

Vulnerability Reserved
Oct 3, 2022
Vulnerability published
Sep 5, 2012