Jump to:

CVE-2016-6163

Jump to:

CVE-2016-6163

Package librsvg updated to version 2.40.3-alt1 for branch sisyphus in task 127585.

Published: 2017-02-03
Modified: 2024-11-21

CVE-2016-6163

The rsvg_pattern_fix_fallback function in rsvg-paint_server.c in librsvg2 2.40.2 allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted svg file.

Severity: MEDIUM (5.5) Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

References:

[oss-security] 20160704 Browsing and attaching images considered harmful in Linux
[oss-security] 20160704 Browsing and attaching images considered harmful in Linux
[oss-security] 20160705 Re: Browsing and attaching images considered harmful in Linux
[oss-security] 20160705 Re: Browsing and attaching images considered harmful in Linux
https://bugzilla.redhat.com/show_bug.cgi?id=1353520
https://bugzilla.redhat.com/show_bug.cgi?id=1353520

Version: 2.1.0

Package librsvg update in sisyphus on 2014-08-22

ALT-PU-2014-2026-1

Closed vulnerabilities

CVE-2016-6163