CVE-2011-3146
05.09.2012, 23:55
librsvg before 2.34.1 uses the node name to identify the type of node, which allows context-dependent attackers to cause a denial of service (NULL pointer dereference) and possibly execute arbitrary code via a SVG file with a node with the element name starting with "fe," which is misidentified as a RsvgFilterPrimitive.Enginsight
Affected Products (NVD)
| Vendor | Product | Version |
|---|---|---|
| gnome | librsvg | 𝑥 ≤ 2.34.0 |
𝑥
= Vulnerable software versions
Debian Releases
Ubuntu Releases
openSUSE / SLES Releases
openSUSE Product | |||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| gdk-pixbuf-loader-rsvg |
| ||||||||||||||||||||||||||
| librsvg-2-2 |
| ||||||||||||||||||||||||||
| librsvg-2-2-32bit |
| ||||||||||||||||||||||||||
| librsvg-devel |
| ||||||||||||||||||||||||||
| rsvg-view |
| ||||||||||||||||||||||||||
| typelib-1_0-Rsvg-2_0 |
|
Red Hat Enterprise Linux Releases
References