Описание
librsvg before 2.34.1 uses the node name to identify the type of node, which allows context-dependent attackers to cause a denial of service (NULL pointer dereference) and possibly execute arbitrary code via a SVG file with a node with the element name starting with "fe," which is misidentified as a RsvgFilterPrimitive.
| Релиз | Статус | Примечание |
|---|---|---|
| devel | not-affected | 2.34.1-1 |
| hardy | ignored | end of life |
| lucid | released | 2.26.3-0ubuntu1.1 |
| maverick | released | 2.32.0-0ubuntu1.1 |
| natty | released | 2.32.1-0ubuntu3.1 |
| upstream | released | 2.34.1-1 |
Показывать по
EPSS
6.8 Medium
CVSS2
Связанные уязвимости
librsvg before 2.34.1 uses the node name to identify the type of node, which allows context-dependent attackers to cause a denial of service (NULL pointer dereference) and possibly execute arbitrary code via a SVG file with a node with the element name starting with "fe," which is misidentified as a RsvgFilterPrimitive.
librsvg before 2.34.1 uses the node name to identify the type of node, which allows context-dependent attackers to cause a denial of service (NULL pointer dereference) and possibly execute arbitrary code via a SVG file with a node with the element name starting with "fe," which is misidentified as a RsvgFilterPrimitive.
librsvg before 2.34.1 uses the node name to identify the type of node, ...
librsvg before 2.34.1 uses the node name to identify the type of node, which allows context-dependent attackers to cause a denial of service (NULL pointer dereference) and possibly execute arbitrary code via a SVG file with a node with the element name starting with "fe," which is misidentified as a RsvgFilterPrimitive.
EPSS
6.8 Medium
CVSS2