Denial of Service Vulnerability in librsvg by GNOME
CVE-2016-4348

7.5HIGH

Key Information:

Vendor

Gnome
Status
Librsvg
Vendor
CVE Published:
20 May 2016

What is CVE-2016-4348?

The _rsvg_css_normalize_font_size function in librsvg version 2.40.2 can be exploited by attackers through the use of circular definitions within SVG documents. This vulnerability can lead to an application crash due to excessive stack consumption, potentially disrupting services that rely on librsvg for rendering SVG graphics.

References

http://www.openwall.com/lists/oss-security/2016/04/28/4
mailing-listx_refsource_MLIST
https://git.gnome.org/browse/librsvg/commit/?id=d1c919194...
x_refsource_CONFIRM
http://www.openwall.com/lists/oss-security/2016/04/30/3
mailing-listx_refsource_MLIST

CVSS V3.1

Score:
7.5
Severity:
HIGH
Confidentiality:
None
Integrity:
None
Availability:
None
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.