CVE-2016-4348
Published 2016-05-20
Priority: P431 · high · 7.5 (CVSS 3.0)
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
EPSS: 2.43% (82.2th percentile)
The _rsvg_css_normalize_font_size function in librsvg 2.40.2 allows context-dependent attackers to cause a denial of service (stack consumption and application crash) via circular definitions in an SVG document.
Affected
9 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| debian | debian_linux | — | — |
| debian | librsvg | < librsvg 2.40.12-1 (bookworm) | librsvg 2.40.12-1 (bookworm) |
| gnome | librsvg | <= 2.40.1 | — |
| gnome | librsvg | >= 0 < 2.40.12-1 | 2.40.12-1 |
| gnome | librsvg | >= 0 < 2.40.12-1 | 2.40.12-1 |
| gnome | librsvg | >= 0 < 2.40.12-1 | 2.40.12-1 |
| gnome | librsvg | >= 0 < 2.40.12-1 | 2.40.12-1 |
| opensuse | leap | — | — |
| opensuse | opensuse | — | — |
CVSS provenance
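| Source | Version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | v3.0 | 7.5 | HIGH | CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H |
| nvd | v2.0 | 5.0 | MEDIUM | AV:N/AC:L/Au:N/C:N/I:N/A:P |
| osv | — | 7.5 | HIGH | — |
| vendor_debian | — | 7.5 | HIGH | — |
| vendor_redhat | — | 7.5 | HIGH | — |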
GHSA
GHSA-7wvm-3hhw-ch57
ghsa_unreviewed·2022-05-14
CVE-2016-4348 [HIGH] CWE-20
OSV
CVE-2016-4348 [HIGH]
osv·2016-05-20·CVSS 7.5
Red Hat
librsvg2: DoS parsing SVGs with circular definitions _rsvg_css_normalize_font_size() function
vendor_redhat·2016-04-28·CVSS 7.5
CVE-2016-4348 [HIGH] CWE-674
Package: librsvg2 (Red Hat Enterprise Linux 5) - Will not fix
Package: librsvg2 (Red Hat Enterprise Linux 6) - Will not fix
Package: librsvg2 (Red Hat Enterprise Linux 7) - Will not fix
Debian
CVE-2016-4348 [HIGH]: librsvg
vendor_debian·2016·CVSS 7.5
Scope: local
bookworm: resolved (fixed in 2.40.12-1)
bullseye: resolved (fixed in 2.40.12-1)
forky: resolved (fixed in 2.40.12-1)
sid: resolved (fixed in 2.40.12-1)
trixie: resolved (fixed in 2.40.12-1)
No detection rules found.
No public exploits indexed.
Bugzilla
CVE-2016-4347 CVE-2016-4348 librsvg2: various flaws [fedora-all]
bugzilla·2016-04-29·CVSS 7.5 [HIGH]
This is an automatically created tracking bug! It was created to ensure
that one or more security vulnerabilities are fixed in affected versions
of Fedora.
For comments that are specific to the vulnerability please use bugs filed
against the "Security Response" product referenced in the "Blocks" field.
For more information see:
http://fedoraproject.org/wiki/Security/TrackingBugs
When submitting as an update, use the fedpkg template provided in the next
comment(s). This will include the bug IDs of this tracking bug as well as
the relevant top-level CVE bugs.
Please also mention the CVE IDs being fixed in the RPM changelog and the
fedpkg commit message.
NOTE: this issue affects multiple supported versions of Fedora. While
Bugzilla
CVE-2016-4347 CVE-2016-4348 mingw-librsvg2: various flaws [fedora-all]
bugzilla·2016-04-29·CVSS 7.5 [HIGH]
This is an automatically created tracking bug! It was created to ensure
that one or more security vulnerabilities are fixed in affected versions
of Fedora.
For comments that are specific to the vulnerability please use bugs filed
against the "Security Response" product referenced in the "Blocks" field.
For more information see:
http://fedoraproject.org/wiki/Security/TrackingBugs
When submitting as an update, use the fedpkg template provided in the next
comment(s). This will include the bug IDs of this tracking bug as well as
the relevant top-level CVE bugs.
Please also mention the CVE IDs being fixed in the RPM changelog and the
fedpkg commit message.
NOTE: this issue affects multiple supported versions of Fedora.
Bugzilla
CVE-2016-4348 librsvg2: DoS parsing SVGs with circular definitions _rsvg_css_normalize_font_size() function
bugzilla·2016-04-29·CVSS 7.5 [HIGH]
A denial of service flaw was found in the way the librsvg2 library parsed SVG files. A specially crafted SVG file with circular definitions could cause an application using librsvg2 to crash.
This flaw is in the _rsvg_css_normalize_font_size() function.
Reference (including reproducer):
http://seclists.org/oss-sec/2016/q2/161
Discussion:
Created librsvg2 tracking bugs for this issue:
Affects: fedora-all [bug 1331727]
---
Created mingw-librsvg2 tracking bugs for this issue:
Affects: fedora-all [bug 1331728]
---
Upstream fix:
https://git.gnome.org/browse/librsvg/commit/?id=d1c9191949747f6dcfd207831d15dd4ba00e31f2
This fix is two commits before the other commit.
References
http://lists.opensuse.org/opensuse-updates/2016-05/msg00079.html
http://www.debian.org/security/2016/dsa-3584
http://www.openwall.com/lists/oss-security/2016/04/28/4
http://www.openwall.com/lists/oss-security/2016/04/28/7
http://www.openwall.com/lists/oss-security/2016/04/30/3
http://www.openwall.com/lists/oss-security/2016/05/10/15
https://git.gnome.org/browse/librsvg/commit/?id=d1c9191949747f6dcfd207831d15dd4ba00e31f2