oss-sec mailing list archives
CVE-2015-7557, CVE-2015-7558 librsvg2: Out-of-bounds heap read and stack exhaustion
From: Adam Maris <amaris () redhat com>
Date: Mon, 21 Dec 2015 16:03:49 +0100
CVE-2015-7557: An out-of-bounds heap read in librsvg2 was found when parsing an SVG file.
Upstream patch: https://git.gnome.org/browse/librsvg/commit/rsvg-shapes.c?id=40af93e6eb1c94b90c3b9a0b87e0840e126bb8df
CVE-2015-7558: Stack exhaustion due to a cyclic dependency, causing an application to crash, was found in librsvg2 while parsing an SVG file. It has been fixed in 2.40.12 by many commits that have rewritten the checks for cyclic references.
RH bug: https://bugzilla.redhat.com/show_bug.cgi?id=1268243
--
Adam Maris / Red Hat Product Security