CVE-2016-4348

The rsvgcssnormalizefont_size function in librsvg 2.40.2 allows context-dependent attackers to cause a denial of service (stack consumption and application crash) via circular definitions in an SVG document.

References

Affected packages

Git / github.com/gnome/librsvg

Affected ranges

Type

GIT

Repo

https://github.com/gnome/librsvg

Events

Introduced

Last affected

284513935f4ddfed6aec98c3342eb3c13773140f

Database specific

{
    "versions": [
        {
            "introduced": "0"
        },
        {
            "last_affected": "2.40.1"
        }
    ]
}

Affected versions

2.*

2.34.0

2.34.1

2.35.0

2.35.1

2.35.2

2.36.0

2.36.1

2.36.2

2.36.3

2.36.4

2.37.0

2.39.0

2.40.0

2.40.1

Other

GNOME_2_4_BRANCHPOINT

LIBRSVG_0_0_1

LIBRSVG_1_0_0

LIBRSVG_1_0_1

LIBRSVG_1_0_ANCHOR

LIBRSVG_1_1_1

LIBRSVG_1_1_2

LIBRSVG_1_1_3

LIBRSVG_1_1_4

LIBRSVG_1_1_5

LIBRSVG_1_1_6

LIBRSVG_2_0_1

LIBRSVG_2_1_0

LIBRSVG_2_1_1

LIBRSVG_2_1_2

LIBRSVG_2_1_3

LIBRSVG_2_1_4

LIBRSVG_2_1_5

LIBRSVG_2_22_3

LIBRSVG_2_26_2

LIBRSVG_2_26_3

LIBRSVG_2_2_0

LIBRSVG_2_31_0

help

librsvg-2-13-3

librsvg-2-13-90

librsvg-2-13-93

release-2-2-4

release-2-2-5

release-2-3-0

release-2-4-0

Database specific

source

"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2016-4348.json"

unresolved_ranges

[
    {
        "events": [
            {
                "introduced": "0"
            },
            {
                "last_affected": "8.0"
            }
        ]
    },
    {
        "events": [
            {
                "introduced": "0"
            },
            {
                "last_affected": "42.1"
            }
        ]
    },
    {
        "events": [
            {
                "introduced": "0"
            },
            {
                "last_affected": "13.2"
            }
        ]
    }
]