Data

Tools

Indexes

Applications

Experiments

Advisories

An open API service providing security vulnerability metadata for many open source software ecosystems.

GSA_kwCzR0hTQS1qOTg0LXE0cWMtNnF4Zs4AAdNg

High EPSS: 0.0121% (0.77807 Percentile) EPSS:
Permalink JSON

librsvg DoS via Cyclic References

Affected Packages Affected Versions Fixed Versions
cargo:librsvg < 2.40.12 2.40.12
2 Dependent packages
2 Dependent repositories
73,337 Downloads total

Affected Version Ranges

All affected versions

All unaffected versions

2.56.0, 2.56.92, 2.57.0, 2.57.1, 2.57.2, 2.57.3, 2.58.0, 2.58.1, 2.58.2, 2.58.3, 2.58.4, 2.58.5, 2.59.0, 2.59.1, 2.59.2, 2.60.0

librsvg before 2.40.12 allows context-dependent attackers to cause a denial of service (infinite loop, stack consumption, and application crash) via cyclic references in an SVG document.

References:

Identifiers

GHSA-j984-q4qc-6qxf

CVE-2015-7558

Risk

Severity

High

EPSS

EPSS Percentage: 0.0121

EPSS Percentile: 0.77807

Classification

General

Source

GitHub Advisory Database

Origin

Unspecified

Date and time

Published

about 3 years ago

Updated

almost 2 years ago

API

JSON