Division by Zero Vulnerability in GNOME librsvg
CVE-2017-11464

7.8HIGH

Key Information:

Vendor

Gnome
Status
Librsvg
Vendor
CVE Published:
19 July 2017

What is CVE-2017-11464?

In GNOME librsvg version 2.40.17, a vulnerability exists in the box_blur_line function within the rsvg-filter.c file. This flaw can be triggered while parsing a maliciously crafted SVG file, leading to a SIGFPE (signal for floating point exception) due to inadequate division by zero protection. This vulnerability emphasizes the need for proper input validation to prevent unexpected behavior and potential exploitation, impacting users and applications relying on this library for handling SVG graphics.

References

https://bugzilla.gnome.org/show_bug.cgi?id=783835
x_refsource_CONFIRM
https://git.gnome.org/browse/librsvg/commit/?id=ecf9267a2...
x_refsource_CONFIRM
http://www.securityfocus.com/bid/99956
vdb-entryx_refsource_BID

CVSS V3.1

Score:
7.8
Severity:
HIGH
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Local
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
Required
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.