oss-sec mailing list archives
Re: Re: CVE requests: DoS in librsvg parsing SVGs with circular definitions
From: Brian May <brian () linuxpenguins xyz>
Date: Wed, 11 May 2016 08:36:48 +1000
Just did a git bisect against the source. Assuming I got this right, the following commits fixed the issue.

They affect the following functions:

* rsvg_cairo_pop_discrete_layer - rsvg_cairo_pop_render_stack - rsvg_cairo_generate_mask: reproducible using circular-1.svg

Use CVE-2016-4347.

Fixed in:

commit a51919f7e1ca9c535390a746fbf6e28c8402dc61
Author: Benjamin Otte <otte () redhat com>
Date:   Wed Oct 7 08:45:37 2015 +0200

    rsvg: Add rsvg_acquire_node()

    This function does proper recursion checks when looking up resources
    from URLs and thereby helps avoiding infinite loops when cyclic
    references span multiple types of elements.

* _rsvg_css_normalize_font_size: reproducible using circular-2.svg

Use CVE-2016-4348.

Fixed in:

commit d1c9191949747f6dcfd207831d15dd4ba00e31f2
Author: Benjamin Otte <otte () redhat com>
Date:   Wed Oct 7 05:31:08 2015 +0200

    state: Store mask as reference

    Instead of immediately looking up the mask, store the reference and look
    it up on use.

This fix is two commits before the other commit.

-- 
Brian May <brian () linuxpenguins xyz>
https://linuxpenguins.xyz/brian/
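
The recursion check described in the first commit message above, as an added sketch that is not part of the original message and is not librsvg's code: a reference is resolved only at the moment of use, and resolution fails if the target is already in use further up the render stack. The names `Node`, `Ctx`, `acquire_node`, `release_node`, `render`, `MAX_DEPTH` and the sample ids are hypothetical.

```c
#include <stddef.h>
#include <string.h>

#define MAX_DEPTH 64   /* assumed nesting bound for this sketch */

/* id: the element's own id; ref: id it references (mask, pattern, ...) or NULL */
typedef struct Node { const char *id, *ref; } Node;

typedef struct Ctx {
    const Node *defs;                 /* referenceable elements of the document */
    size_t ndefs;
    const Node *acquired[MAX_DEPTH];  /* nodes currently in use by the renderer */
    size_t depth;
} Ctx;

/* Resolve id and mark it in use; NULL if unknown, too deep, or already in use (cycle). */
static const Node *acquire_node(Ctx *c, const char *id) {
    if (c->depth == MAX_DEPTH) return NULL;
    for (size_t i = 0; i < c->ndefs; i++) {
        if (strcmp(c->defs[i].id, id) != 0) continue;
        for (size_t j = 0; j < c->depth; j++)
            if (c->acquired[j] == &c->defs[i]) return NULL;
        return c->acquired[c->depth++] = &c->defs[i];
    }
    return NULL;
}

static void release_node(Ctx *c, const Node *n) {
    if (c->depth > 0 && c->acquired[c->depth - 1] == n) c->depth--;
}

/* Render id and whatever it references; returns how many elements were drawn. */
static int render(Ctx *c, const char *id) {
    const Node *n = acquire_node(c, id);
    if (n == NULL) return 0;          /* drop the broken reference, keep rendering */
    int drawn = 1 + (n->ref ? render(c, n->ref) : 0);
    release_node(c, n);
    return drawn;
}

/* Constructed sample: mask1 <-> pat1 cycle across element types, clip1 -> grad1 is sane. */
static const Node sample_defs[] = {
    {"mask1", "pat1"}, {"pat1", "mask1"}, {"clip1", "grad1"}, {"grad1", NULL} };

int render_sample(const char *id) {
    Ctx c = { sample_defs, sizeof sample_defs / sizeof sample_defs[0], {0}, 0 };
    return render(&c, id);
}
```

Because the in-use check lives in the one lookup function rather than in each element type's renderer, a cycle that crosses element types terminates the same way as a self-reference.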