ALT-PU-2019-2781-1
Closed vulnerabilities
Published: 2020-02-02
BDU:2021-00123
Уязвимость множества функций из xml.rs библиотеки отрисовки векторной графики librsvg, связанная с ошибкой механизма контроля расходуемых ресурсов, позволяющая нарушителю вызвать отказ в обслуживании
Severity: MEDIUM (6.5)
Vector: AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
References:
Published: 2020-02-02
Modified: 2024-11-21
Modified: 2024-11-21
CVE-2019-20446
In xml.rs in GNOME librsvg before 2.46.2, a crafted SVG file with nested patterns can cause denial of service when passed to the library for processing. The attacker constructs pattern elements so that the number of final rendered objects grows exponentially.
Severity: MEDIUM (6.5)
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
References:
- openSUSE-SU-2020:0343
- openSUSE-SU-2020:0343
- https://gitlab.gnome.org/GNOME/librsvg/issues/515
- https://gitlab.gnome.org/GNOME/librsvg/issues/515
- [debian-lts-announce] 20200722 [SECURITY] [DLA 2285-1] librsvg security update
- [debian-lts-announce] 20200722 [SECURITY] [DLA 2285-1] librsvg security update
- FEDORA-2020-39e0b8bd14
- FEDORA-2020-39e0b8bd14
- FEDORA-2020-f6271d7afa
- FEDORA-2020-f6271d7afa
- https://security.netapp.com/advisory/ntap-20221111-0004/
- https://security.netapp.com/advisory/ntap-20221111-0004/
- USN-4436-1
- USN-4436-1