librsvg before 2.40.12 allows context-dependent attackers to cause a denial of service (infinite loop, stack consumption, and application crash) via cyclic references in an SVG document.
References
Link | Resource |
---|---|
http://www.openwall.com/lists/oss-security/2015/12/21/5 | Mailing List Third Party Advisory |
https://bugzilla.redhat.com/show_bug.cgi?id=1268243 | Issue Tracking |
https://git.gnome.org/browse/librsvg/commit/?id=a51919f7e1ca9c535390a746fbf6e28c8402dc61 | Vendor Advisory |
http://www.openwall.com/lists/oss-security/2016/04/30/3 | Mailing List Third Party Advisory |
http://www.debian.org/security/2016/dsa-3584 | Third Party Advisory |
Information
Published : 2016-05-20 07:59
Updated : 2016-08-23 07:50
NVD link : CVE-2015-7558
Mitre link : CVE-2015-7558
JSON object : View
CWE
CWE-20
Improper Input Validation
Products Affected
debian
- debian_linux
gnome
- librsvg