CVE-2016-6163

Опубликовано: 03 фев. 2017

Источник: debian

EPSS Низкий

Описание

The rsvg_pattern_fix_fallback function in rsvg-paint_server.c in librsvg2 2.40.2 allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted svg file.

Пакеты

Пакет	Статус	Версия исправления	Релиз	Тип
librsvg	fixed	2.40.9-2		package
librsvg	no-dsa		jessie	package
librsvg	not-affected		wheezy	package

Примечания

Fixed by: https://git.gnome.org/browse/librsvg/commit/?id=0035e95118a60c0cd3949c2300472d805e16a022 (2.40.7)
Reproducer attached in http://seclists.org/oss-sec/2016/q3/7

EPSS

Процентиль: 62%

0.00434

Низкий

Связанные уязвимости

CVE-2016-6163

CVSS3: 5.5

ubuntu

около 9 лет назад

The rsvg_pattern_fix_fallback function in rsvg-paint_server.c in librsvg2 2.40.2 allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted svg file.

CVE-2016-6163

CVSS3: 4.3

redhat

больше 9 лет назад

The rsvg_pattern_fix_fallback function in rsvg-paint_server.c in librsvg2 2.40.2 allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted svg file.

CVE-2016-6163

CVSS3: 5.5

nvd

около 9 лет назад

The rsvg_pattern_fix_fallback function in rsvg-paint_server.c in librsvg2 2.40.2 allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted svg file.

GHSA-j5fp-32j6-2xmr

CVSS3: 5.5

github

больше 3 лет назад

The rsvg_pattern_fix_fallback function in rsvg-paint_server.c in librsvg2 2.40.2 allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted svg file.

EPSS

Процентиль: 62%

0.00434

Низкий