GNOME librsvg 2.35.2

CPE Details

GNOME librsvg 2.35.2
gnome
librsvg
2.35.2
2012-09-17
21h40 +00:00
2012-09-17
21h40 +00:00
CPE NVD
Alerte pour un CPE
Stay informed of any changes for a specific CPE.
Notifications manage

CPE Name: cpe:2.3:a:gnome:librsvg:2.35.2:*:*:*:*:*:*:*

Informations

Vendor

gnome

Product

librsvg

Version

2.35.2

Related CVE

Open and find in CVE List

CVE ID Published Description Score Severity
CVE-2019-20446 2020-02-01 23h00 +00:00 In xml.rs in GNOME librsvg before 2.46.2, a crafted SVG file with nested patterns can cause denial of service when passed to the library for processing. The attacker constructs pattern elements so that the number of final rendered objects grows exponentially.
6.5
Medium
CVE-2018-1000041 2018-02-09 22h00 +00:00 GNOME librsvg version before commit c6ddf2ed4d768fd88adbea2b63f575cd523022ea contains a Improper input validation vulnerability in rsvg-io.c that can result in the victim's Windows username and NTLM password hash being leaked to remote attackers through SMB. This attack appear to be exploitable via The victim must process a specially crafted SVG file containing an UNC path on Windows.
8.8
High
CVE-2015-7557 2016-05-20 12h00 +00:00 The _rsvg_node_poly_build_path function in rsvg-shapes.c in librsvg before 2.40.7 allows context-dependent attackers to cause a denial of service (out-of-bounds heap read) via an odd number of elements in a coordinate pair in an SVG document.
7.5
High
CVE-2015-7558 2016-05-20 12h00 +00:00 librsvg before 2.40.12 allows context-dependent attackers to cause a denial of service (infinite loop, stack consumption, and application crash) via cyclic references in an SVG document.
7.5
High
CVE-2016-4348 2016-05-20 12h00 +00:00 The _rsvg_css_normalize_font_size function in librsvg 2.40.2 allows context-dependent attackers to cause a denial of service (stack consumption and application crash) via circular definitions in an SVG document.
7.5
High
CVE-2013-1881 2013-10-09 22h00 +00:00 GNOME libsvg before 2.39.0 allows remote attackers to read arbitrary files via an XML document containing an external entity declaration in conjunction with an entity reference, related to an XML External Entity (XXE) issue.
4.3
The information presented on CVE Find originates from several carefully selected reference sources. CVE data is provided by MITRE Corporation and the National Vulnerability Database (NVD). The Known Exploited Vulnerabilities (KEV) catalog is sourced from the Cybersecurity and Infrastructure Security Agency (CISA), while EPSS scores come from FIRST.org. Additionally, data regarding software weaknesses (CWE) and common attack patterns (CAPEC) is maintained by MITRE Corporation, and information on hardware and software configurations (CPE) is provided by the NVD.