CVE-2011-3146
Published 2012-09-05
Priority P432 · medium · 6.8 · CVSS 2.0
AV:N/AC:M/Au:N/C:P/I:P/A:P
EPSS: 4.42% (90.1th percentile)
librsvg before 2.34.1 uses the node name to identify the type of node, which allows context-dependent attackers to cause a denial of service (NULL pointer dereference) and possibly execute arbitrary code via a SVG file with a node with the element name starting with "fe," which is misidentified as a RsvgFilterPrimitive.
Affected
6 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| debian | librsvg | < librsvg 2.34.1-1 (bookworm) | librsvg 2.34.1-1 (bookworm) |
| gnome | librsvg | <= 2.34.0 | — |
| gnome | librsvg | >= 0 < 2.34.1-1 | 2.34.1-1 |
| gnome | librsvg | >= 0 < 2.34.1-1 | 2.34.1-1 |
| gnome | librsvg | >= 0 < 2.34.1-1 | 2.34.1-1 |
| gnome | librsvg | >= 0 < 2.34.1-1 | 2.34.1-1 |
CVSS provenance
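| Source | CVSS version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | v2.0 | 6.8 | MEDIUM | AV:N/AC:M/Au:N/C:P/I:P/A:P |
| osv | | 6.8 | MEDIUM | |
| vendor_debian | | 6.8 | MEDIUM | |
| vendor_redhat | | 6.8 | MEDIUM | |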
Ubuntu
librsvg vulnerability
vendor_ubuntu·2011-09-13
Title: librsvg vulnerability
Summary: SVG image rendering library has had flaws fixed.
Sauli Pahlman discovered that librsvg did not correctly handle malformed
filter names. If a user or automated system were tricked into processing a
specially crafted SVG image, a remote attacker could gain user privileges.
Instructions: After a standard system update you need to restart your session to make
all the necessary changes.
Red Hat
librsvg: object type mismatch leading to invalid pointer dereference
vendor_redhat·2011-09-06·CVSS 6.8
librsvg before 2.34.1 uses the node name to identify the type of node, which allows context-dependent attackers to cause a denial of service (NULL pointer dereference) and possibly execute arbitrary code via a SVG file with a node with the element name starting with "fe," which is misidentified as a RsvgFilterPrimitive.
Package: librsvg2 (Red Hat Enterprise Linux 4) - Not affected
Package: librsvg2 (Red Hat Enterprise Linux 5) - Not affected
Debian
CVE-2011-3146: librsvg - librsvg before 2.34.1 uses the node name to identify the type of node, which all...
vendor_debian·2011·CVSS 6.8
librsvg before 2.34.1 uses the node name to identify the type of node, which allows context-dependent attackers to cause a denial of service (NULL pointer dereference) and possibly execute arbitrary code via a SVG file with a node with the element name starting with "fe," which is misidentified as a RsvgFilterPrimitive.
Scope: local
bookworm: resolved (fixed in 2.34.1-1)
bullseye: resolved (fixed in 2.34.1-1)
forky: resolved (fixed in 2.34.1-1)
sid: resolved (fixed in 2.34.1-1)
trixie: resolved (fixed in 2.34.1-1)
GHSA
GHSA-x9rw-3x6c-c4h9: librsvg before 2
ghsa_unreviewed·2022-05-17
librsvg before 2.34.1 uses the node name to identify the type of node, which allows context-dependent attackers to cause a denial of service (NULL pointer dereference) and possibly execute arbitrary code via a SVG file with a node with the element name starting with "fe," which is misidentified as a RsvgFilterPrimitive.
OSV
CVE-2011-3146: librsvg before 2
osv·2012-09-05·CVSS 6.8
librsvg before 2.34.1 uses the node name to identify the type of node, which allows context-dependent attackers to cause a denial of service (NULL pointer dereference) and possibly execute arbitrary code via a SVG file with a node with the element name starting with "fe," which is misidentified as a RsvgFilterPrimitive.
No detection rules found.
No public exploits indexed.
Bugzilla
CVE-2011-3146 librsvg: NULL pointer dereference flaw [fedora-all]
bugzilla·2011-09-07·CVSS 6.8
This is an automatically created tracking bug! It was created to ensure
that one or more security vulnerabilities are fixed in affected Fedora
versions.
For comments that are specific to the vulnerability please use bugs filed
against "Security Response" product referenced in the "Blocks" field.
For more information see:
http://fedoraproject.org/wiki/Security/TrackingBugs
When creating a Bodhi update request, please include the bug IDs of the
respective parent bugs filed against the "Security Response" product.
Please mention CVE ids in the RPM changelog when available.
Bodhi update submission link:
https://admin.fedoraproject.org/updates/new/?type_=security&bugs=734936
Please note: this issue affects multiple supporte
Bugzilla
CVE-2011-3146 librsvg: object type mismatch leading to invalid pointer dereference
bugzilla·2011-08-31·CVSS 6.8
A NULL pointer dereference flaw was reported [1] by Sauli Pahlman in librsvg. If a program linked to librsvg were to open a crafted SVG file, it could cause that application to crash or potentially execute arbitrary code.
[1] https://launchpad.net/bugs/825497
https://bugzilla.gnome.org/show_bug.cgi?id=658014
Discussion:
Created attachment 521134
patch
---
This is now public, and fixed in upstream 2.34.1:
http://git.gnome.org/browse/librsvg/commit/?id=34c95743ca692ea0e44778e41a7c0a129363de84
---
This issue does not affect the version of librsvg2 shipped with Red Hat
Enterprise Linux 4 and 5.
This issue affects the version of librsvg2 shipped with Red Hat Enterprise Linux 6.
This issue affects the
References
http://ftp.gnome.org/pub/GNOME/sources/librsvg/2.34/librsvg-2.34.1.news
http://git.gnome.org/browse/librsvg/commit/?id=34c95743ca692ea0e44778e41a7c0a129363de84
http://lists.fedoraproject.org/pipermail/package-announce/2011-September/065730.html
http://lists.fedoraproject.org/pipermail/package-announce/2011-September/065739.html
http://lists.fedoraproject.org/pipermail/package-announce/2011-September/066127.html
http://rhn.redhat.com/errata/RHSA-2011-1289.html
http://secunia.com/advisories/45877
https://bugs.launchpad.net/ubuntu/+source/librsvg/+bug/825497
https://bugzilla.gnome.org/show_bug.cgi?id=658014
https://bugzilla.redhat.com/show_bug.cgi?id=734936