Lucene search

K

MitreCVELIST:CVE-2011-3146

HistorySep 05, 2012 - 11:00 p.m.

CVE-2011-3146

2012-09-0523:00:00

mitre

www.cve.org

3

librsvg

vulnerability

svg

AI Score

9.5

Confidence

High

EPSS

0.006

Percentile

78.3%

librsvg before 2.34.1 uses the node name to identify the type of node, which allows context-dependent attackers to cause a denial of service (NULL pointer dereference) and possibly execute arbitrary code via a SVG file with a node with the element name starting with “fe,” which is misidentified as a RsvgFilterPrimitive.

References

ftp.gnome.org/pub/GNOME/sources/librsvg/2.34/librsvg-2.34.1.news

git.gnome.org/browse/librsvg/commit/?id=34c95743ca692ea0e44778e41a7c0a129363de84

lists.fedoraproject.org/pipermail/package-announce/2011-September/065730.html

lists.fedoraproject.org/pipermail/package-announce/2011-September/065739.html

lists.fedoraproject.org/pipermail/package-announce/2011-September/066127.html

rhn.redhat.com/errata/RHSA-2011-1289.html

secunia.com/advisories/45877

bugs.launchpad.net/ubuntu/+source/librsvg/+bug/825497

bugzilla.gnome.org/show_bug.cgi?id=658014

bugzilla.redhat.com/show_bug.cgi?id=734936

AI Score

9.5

Confidence

High

EPSS

0.006

Percentile

78.3%

Related for CVELIST:CVE-2011-3146

nessus11 openvas12 fedora3 cve1 redhat1 debiancve1 ubuntu1 securityvulns2 prion1 nvd1 oraclelinux2 ubuntucve1 kitploit1