Buffer Overflow Vulnerability in librsvg2-bin Affects Local Attackers
CVE-2018-25305

6.9MEDIUM

Key Information:

Vendor: Xen Projectial
Status: Rsvg
Vendor: CVE Published:; 29 April 2026

🔔 Create Xen Projectial Vulnerability Alert

Badges

👾 Exploit Exists🟡 Public PoC

What is CVE-2018-25305?

The librsvg2-bin version 2.40.13 is susceptible to a buffer overflow vulnerability that can be exploited by local attackers. This vulnerability arises when the rsvg conversion tool processes malformed SVG files, which may lead to a denial of service by causing segmentation faults in the cairo image compositor. Attackers could leverage this flaw to disrupt services reliant on SVG file processing, underscoring the necessity for timely updates and security measures.

Affected Version(s)

RSVG 2.40.13

Exploit Proof of Concept (PoC)

PoC code is written by security researchers to demonstrate the vulnerability can be exploited. PoC code is also a key component for weaponization which could lead to ransomware.

CVE-2018-25305 - Proof of Concept

References

https://www.exploit-db.com/exploits/44491

exploit

https://www.vulncheck.com/advisories/librsvg2-bin-buffer-...

third-party-advisory

CVSS V4

Score:

6.9

Severity:

MEDIUM

Confidentiality:

None

Integrity:

None

Availability:

High

Attack Vector:

Local

Attack Complexity:

Low

Attack Required:

None

Privileges Required:

Undefined

User Interaction:

None

Download the Critical Vulnerability Management Cheat Sheet

Timeline

🟡
Public PoC available
Apr 29, 2026
👾
Exploit known to exist
Apr 29, 2026
Vulnerability published
Apr 29, 2026
Vulnerability Reserved
Apr 29, 2026

Credit

Hamm3r.py

CVE-2018-25305 Data

JSON