
CVE-2019-20446 – librsvg: Resource exhaustion via crafted SVG file with nested patterns
https://notcve.org/view.php?id=CVE-2019-20446
02 Feb 2020 — In xml.rs in GNOME librsvg before 2.46.2, a crafted SVG file with nested patterns can cause denial of service when passed to the library for processing. The attacker constructs pattern elements so that the number of final rendered objects grows exponentially. • http://lists.opensuse.org/opensuse-security-announce/2020-03/msg00024.html • CWE-400: Uncontrolled Resource Consumption

CVE-2018-1000041
https://notcve.org/view.php?id=CVE-2018-1000041
09 Feb 2018 — GNOME librsvg before commit c6ddf2ed4d768fd88adbea2b63f575cd523022ea contains an improper input validation vulnerability in rsvg-io.c that can result in the victim's Windows username and NTLM password hash being leaked to remote attackers through SMB. This attack appears to be exploitable when the victim processes a specially crafted SVG file containing a UNC path on Windows. • https://github.com/GNOME/librsvg/commit/c6ddf2ed4d768fd88adbea2b63f575cd523022ea

CVE-2017-11464 – Ubuntu Security Notice USN-4436-2
https://notcve.org/view.php?id=CVE-2017-11464
19 Jul 2017 — A SIGFPE is raised in the function box_blur_line of rsvg-filter.c in GNOME librsvg 2.40.17 during an attempted parse of a crafted SVG file, because of incorrect protection against division by zero. USN-4436-1 fixed a vulnerability in librsvg. The upstream fix caused a regression when ... • http://www.securityfocus.com/bid/99956 • CWE-369: Divide By Zero