CVE-2019-20446

6.5MEDIUM

Key Information:

Vendor: Gnome
Status: Librsvg
Vendor: CVE Published:; 2 February 2020

Summary

In xml.rs in GNOME librsvg before 2.46.2, a crafted SVG file with nested patterns can cause denial of service when passed to the library for processing. The attacker constructs pattern elements so that the number of final rendered objects grows exponentially.

References

https://gitlab.gnome.org/GNOME/librsvg/issues/515

http://lists.opensuse.org/opensuse-security-announce/2020...

vendor-advisory

https://lists.fedoraproject.org/archives/list/package-ann...

vendor-advisory

CVSS V3.1

Score:

6.5

Severity:

MEDIUM

Confidentiality:

None

Integrity:

None

Availability:

None

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

Required

Scope:

Unchanged

Timeline

Vulnerability published
Feb 2, 2020
Vulnerability Reserved
Feb 2, 2020

.