Ecosyste.ms: Advisories

Security Advisories: GSA_kwCzR0hTQS1qOTg0LXE0cWMtNnF4Zs4AAdNg

librsvg DoS via Cyclic References

librsvg before 2.40.12 allows context-dependent attackers to cause a denial of service (infinite loop, stack consumption, and application crash) via cyclic references in an SVG document.

Permalink: https://github.com/advisories/GHSA-j984-q4qc-6qxf
JSON: https://advisories.ecosyste.ms/api/v1/advisories/GSA_kwCzR0hTQS1qOTg0LXE0cWMtNnF4Zs4AAdNg
Source: GitHub Advisory Database
Origin: Unspecified
Severity: High
Classification: General
Published: almost 2 years ago
Updated: 9 months ago

CVSS Score: 7.5
CVSS vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Identifiers: GHSA-j984-q4qc-6qxf, CVE-2015-7558
References:

• https://nvd.nist.gov/vuln/detail/CVE-2015-7558
• https://bugzilla.redhat.com/show_bug.cgi?id=1268243
• https://git.gnome.org/browse/librsvg/commit/?id=a51919f7e1ca9c535390a746fbf6e28c8402dc61
• http://www.debian.org/security/2016/dsa-3584
• http://www.openwall.com/lists/oss-security/2015/12/21/5
• http://www.openwall.com/lists/oss-security/2016/04/30/3
• https://github.com/advisories/GHSA-j984-q4qc-6qxf

Blast Radius: 2.3

Affected Packages