Skip to main content

Librsvg

8 CVEs product

Monthly

CVE-2023-38633 MEDIUM POC PATCH This Month

A directory traversal problem in the URL decoder of librsvg before 2.56.3 could be used by local or remote attackers to disclose files (on the local filesystem outside of the expected area), as. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. Public exploit code available.

Path Traversal Librsvg Fedora Debian Linux
NVD
CVSS 3.1
5.5
EPSS
2.1%
CVE-2018-1000041 HIGH This Week

GNOME librsvg version before commit c6ddf2ed4d768fd88adbea2b63f575cd523022ea contains a Improper input validation vulnerability in rsvg-io.c that can result in the victim's Windows username and NTLM. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Microsoft Information Disclosure Librsvg Debian Linux
NVD GitHub
CVSS 3.0
8.8
EPSS
2.2%
CVE-2017-11464 HIGH PATCH This Week

A SIGFPE is raised in the function box_blur_line of rsvg-filter.c in GNOME librsvg 2.40.17 during an attempted parse of a crafted SVG file, because of incorrect protection against division by zero. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity.

Information Disclosure Librsvg
NVD GitHub
CVSS 3.0
7.8
EPSS
0.2%
CVE-2016-6163 MEDIUM PATCH This Month

The rsvg_pattern_fix_fallback function in rsvg-paint_server.c in librsvg2 2.40.2 allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted svg file. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity.

Buffer Overflow Denial Of Service Information Disclosure Librsvg
NVD
CVSS 3.0
5.5
EPSS
0.2%
CVE-2016-4348 HIGH This Week

The _rsvg_css_normalize_font_size function in librsvg 2.40.2 allows context-dependent attackers to cause a denial of service (stack consumption and application crash) via circular definitions in an. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Librsvg Debian Linux Leap Opensuse
NVD
CVSS 3.0
7.5
EPSS
3.1%
CVE-2015-7558 Cargo HIGH PATCH This Week

librsvg before 2.40.12 allows context-dependent attackers to cause a denial of service (infinite loop, stack consumption, and application crash) via cyclic references in an SVG document. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Denial Of Service Debian Linux Librsvg
NVD
CVSS 3.0
7.5
EPSS
1.4%
CVE-2015-7557 HIGH This Week

The _rsvg_node_poly_build_path function in rsvg-shapes.c in librsvg before 2.40.7 allows context-dependent attackers to cause a denial of service (out-of-bounds heap read) via an odd number of. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Librsvg
NVD
CVSS 3.0
7.5
EPSS
0.5%
CVE-2013-1881 MEDIUM This Month

GNOME libsvg before 2.39.0 allows remote attackers to read arbitrary files via an XML document containing an external entity declaration in conjunction with an entity reference, related to an XML. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. No vendor patch available.

XXE Librsvg
NVD
CVSS 2.0
4.3
EPSS
7.8%
EPSS 2% CVSS 5.5
MEDIUM POC PATCH This Month

A directory traversal problem in the URL decoder of librsvg before 2.56.3 could be used by local or remote attackers to disclose files (on the local filesystem outside of the expected area), as. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. Public exploit code available.

Path Traversal Librsvg Fedora +1
NVD
EPSS 2% CVSS 8.8
HIGH This Week

GNOME librsvg version before commit c6ddf2ed4d768fd88adbea2b63f575cd523022ea contains a Improper input validation vulnerability in rsvg-io.c that can result in the victim's Windows username and NTLM. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Microsoft Information Disclosure Librsvg +1
NVD GitHub
EPSS 0% CVSS 7.8
HIGH PATCH This Week

A SIGFPE is raised in the function box_blur_line of rsvg-filter.c in GNOME librsvg 2.40.17 during an attempted parse of a crafted SVG file, because of incorrect protection against division by zero. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity.

Information Disclosure Librsvg
NVD GitHub
EPSS 0% CVSS 5.5
MEDIUM PATCH This Month

The rsvg_pattern_fix_fallback function in rsvg-paint_server.c in librsvg2 2.40.2 allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted svg file. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity.

Buffer Overflow Denial Of Service Information Disclosure +1
NVD
EPSS 3% CVSS 7.5
HIGH This Week

The _rsvg_css_normalize_font_size function in librsvg 2.40.2 allows context-dependent attackers to cause a denial of service (stack consumption and application crash) via circular definitions in an. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Librsvg Debian Linux +2
NVD
EPSS 1% CVSS 7.5
HIGH PATCH This Week

librsvg before 2.40.12 allows context-dependent attackers to cause a denial of service (infinite loop, stack consumption, and application crash) via cyclic references in an SVG document. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Denial Of Service Debian Linux Librsvg
NVD
EPSS 1% CVSS 7.5
HIGH This Week

The _rsvg_node_poly_build_path function in rsvg-shapes.c in librsvg before 2.40.7 allows context-dependent attackers to cause a denial of service (out-of-bounds heap read) via an odd number of. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Librsvg
NVD
EPSS 8% CVSS 4.3
MEDIUM This Month

GNOME libsvg before 2.39.0 allows remote attackers to read arbitrary files via an XML document containing an external entity declaration in conjunction with an entity reference, related to an XML. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. No vendor patch available.

XXE Librsvg
NVD

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy