oss-sec mailing list archives
CVE requests: DoS in librsvg parsing SVGs with circular definitions
From: Gustavo Grieco <gustavo.grieco () gmail com>
Date: Thu, 28 Apr 2016 10:33:02 +0200
Hello, Two DoS in librsvg 2.40.2 parsing SVGs with circular definitions were found (they will produce stack exhaustion). Other versions can be vulnerable too. They affect the following functions: * rsvg_cairo_pop_discrete_layer - rsvg_cairo_pop_render_stack - rsvg_cairo_generate_mask: reproducible using circular-1.svg * _rsvg_css_normalize_font_size: reproducible using circular-2.svg Both reproducers are attached in a tar.gz to avoid a crash in my own browser. Fortunately, these issues are solved in the last git revision of librsvg2. Regards, Gustavo.
Attachment:
circulars.tar.gz
Description:
Current thread:
- CVE requests: DoS in librsvg parsing SVGs with circular definitions Gustavo Grieco (Apr 28)
- Re: CVE requests: DoS in librsvg parsing SVGs with circular definitions cve-assign (Apr 28)
- Re: CVE requests: DoS in librsvg parsing SVGs with circular definitions Gustavo Grieco (Apr 30)
- Re: Re: CVE requests: DoS in librsvg parsing SVGs with circular definitions Brian May (May 10)
- Re: Re: CVE requests: DoS in librsvg parsing SVGs with circular definitions Gustavo Grieco (May 15)
- Re: Re: CVE requests: DoS in librsvg parsing SVGs with circular definitions Adam Maris (Jun 06)
- Re: CVE requests: DoS in librsvg parsing SVGs with circular definitions cve-assign (Jun 06)
- Re: CVE requests: DoS in librsvg parsing SVGs with circular definitions cve-assign (Apr 28)