CVE-2017-11464: Divide By Zero in Librsvg

Severity: 7.8 HIGH (NVD)
EPSS: 0.3% (top 49.82%)
CISA KEV: Not in KEV
Exploit: No known exploits
Timeline
Published: Jul 19
Latest update: May 13

Description

A SIGFPE is raised in the function box_blur_line of rsvg-filter.c in GNOME librsvg 2.40.17 during an attempted parse of a crafted SVG file, because of incorrect protection against division by zero.

CVSS vector

CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Exploitability: 1.8 | Impact: 5.9

Affected Packages (4 packages)

Debian: gnome/librsvg < 2.40.18-1 +3
Ubuntu: gnome/librsvg < 2.40.13-3ubuntu0.2 +3
NVD: gnome/librsvg 2.40.17
debian: debian/librsvg < librsvg 2.40.18-1 (bookworm)

Patches

🔴 Vulnerability Details (4)

GHSA: GHSA-p53g-qpqr-rqmg: A SIGFPE is raised in the function box_blur_line of rsvg-filter (2022-05-13)
OSV: librsvg regression (2020-07-29)
OSV: librsvg vulnerabilities (2020-07-27)
OSV: CVE-2017-11464: A SIGFPE is raised in the function box_blur_line of rsvg-filter (2017-07-19)

📋 Vendor Advisories (4)

Ubuntu: librsvg regression (2020-07-29)
Ubuntu: librsvg vulnerabilities (2020-07-27)
Red Hat: librsvg: SIGFPE is raised in box_blur_line function of rsvg-filter.c (2017-07-19)
Debian: CVE-2017-11464: librsvg - A SIGFPE is raised in the function box_blur_line of rsvg-filter.c in GNOME librs... (2017)

💬 Community (3)

Bugzilla: CVE-2017-11464 librsvg2: librsvg: SIGFPE is raised in box_blur_line function of rsvg-filter.c [fedora-all] (2017-07-24)
Bugzilla: CVE-2017-11464 mingw-librsvg2: librsvg: SIGFPE is raised in box_blur_line function of rsvg-filter.c [fedora-all] (2017-07-24)
Bugzilla: CVE-2017-11464 librsvg: SIGFPE is raised in box_blur_line function of rsvg-filter.c (2017-07-24)