CVE-2023-38633 – librsvg: Arbitrary file read when xinclude href has special characters
https://notcve.org/view.php?id=CVE-2023-38633
A directory traversal problem in the URL decoder of librsvg before 2.56.3 could be used by local or remote attackers to disclose files (on the local filesystem outside of the expected area), as demonstrated by href=".?../../../../../../../../../../etc/passwd" in an xi:include element. A directory traversal vulnerability was discovered in the URL decoder of Librsvg. This issue occurs when xinclude href has special characters; demonstrated by href=".?.. • http://seclists.org/fulldisclosure/2023/Jul/43 http://www.openwall.com/lists/oss-security/2023/07/27/1 http://www.openwall.com/lists/oss-security/2023/09/06/10 https://bugzilla.suse.com/show_bug.cgi?id=1213502 https://gitlab.gnome.org/GNOME/librsvg/-/issues/996 https://gitlab.gnome.org/GNOME/librsvg/-/releases/2.56.3 https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/422NTIHIEBRASIG2DWXYBH4ADYMHY626 https://lists.fedoraproject.org • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •
CVE-2019-20446 – librsvg: Resource exhaustion via crafted SVG file with nested patterns
https://notcve.org/view.php?id=CVE-2019-20446
In xml.rs in GNOME librsvg before 2.46.2, a crafted SVG file with nested patterns can cause denial of service when passed to the library for processing. The attacker constructs pattern elements so that the number of final rendered objects grows exponentially. En el archivo xml.rs en GNOME librsvg versiones anteriores a 2.46.2, un archivo SVG diseñado con patrones anidados puede causar una denegación de servicio cuando es pasado a la biblioteca para su procesamiento. El atacante construye elementos de patrón para que el número de objetos renderizados finales aumente exponencialmente. • http://lists.opensuse.org/opensuse-security-announce/2020-03/msg00024.html https://gitlab.gnome.org/GNOME/librsvg/issues/515 https://lists.debian.org/debian-lts-announce/2020/07/msg00016.html https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6IOHSO6BUKC6I66J5PZOMAGFVJ66ZS57 https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/X3B5RWJQD5LA45MYLLR55KZJOJ5NVZGP https://security.netapp.com/advisory/ntap-20221111-0004 https://usn.ubuntu.com/443 • CWE-400: Uncontrolled Resource Consumption •
CVE-2018-1000041
https://notcve.org/view.php?id=CVE-2018-1000041
GNOME librsvg version before commit c6ddf2ed4d768fd88adbea2b63f575cd523022ea contains a Improper input validation vulnerability in rsvg-io.c that can result in the victim's Windows username and NTLM password hash being leaked to remote attackers through SMB. This attack appear to be exploitable via The victim must process a specially crafted SVG file containing an UNC path on Windows. GNOME librsvg, en versiones anteriores al commit con ID c6ddf2ed4d768fd88adbea2b63f575cd523022ea, contiene una vulnerabilidad de validación de entradas indebida en rsvg-io.c que puede resultar en que el hash del nombre de usuario de Windows y la contraseña NTLM de una víctima se filtren a atacantes remotos mediante SMB. El ataque parece ser explotable mediante una víctima que procese un archivo SVG especialmente manipulado que contenga una ruta UNC en Windows. • https://github.com/GNOME/librsvg/commit/c6ddf2ed4d768fd88adbea2b63f575cd523022ea https://github.com/ImageMagick/librsvg/commit/f9d69eadd2b16b00d1a1f9f286122123f8e547dd https://lists.debian.org/debian-lts-announce/2018/02/msg00013.html •
CVE-2017-11464
https://notcve.org/view.php?id=CVE-2017-11464
A SIGFPE is raised in the function box_blur_line of rsvg-filter.c in GNOME librsvg 2.40.17 during an attempted parse of a crafted SVG file, because of incorrect protection against division by zero. Un SIGFPE se genera en la función box_blur_line del archivo rsvg-filter.c en GNOME librsvg versión 2.40.17 durante un intento de análisis de un archivo SVG creado, debido a la protección incorrecta contra la división por cero. • http://www.securityfocus.com/bid/99956 https://bugzilla.gnome.org/show_bug.cgi?id=783835 https://git.gnome.org/browse/librsvg/commit/?id=ecf9267a24b2c3c0cd211dbdfa9ef2232511972a https://github.com/GNOME/librsvg/commit/ecf9267a24b2c3c0cd211dbdfa9ef2232511972a https://lists.debian.org/debian-lts-announce/2020/07/msg00016.html https://usn.ubuntu.com/4436-1 • CWE-369: Divide By Zero •
CVE-2016-6163
https://notcve.org/view.php?id=CVE-2016-6163
The rsvg_pattern_fix_fallback function in rsvg-paint_server.c in librsvg2 2.40.2 allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted svg file. La función rsvg_pattern_fix_fallback en rsvg-paint_server.c en librsvg2 2.40.2 permite a atacantes remotos provocar una denegación de servicio (lectura fuera de límites) a través de un archivo svg manipulado. • http://www.openwall.com/lists/oss-security/2016/07/04/3 http://www.openwall.com/lists/oss-security/2016/07/05/9 https://bugzilla.redhat.com/show_bug.cgi?id=1353520 • CWE-125: Out-of-bounds Read •