Search CVE reports
1 – 10 of 11 results
CVE-2023-38633
Medium priorityA directory traversal problem in the URL decoder of librsvg before 2.56.3 could be used by local or remote attackers to disclose files (on the local filesystem outside of the expected area), as demonstrated...
1 affected packages
librsvg
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
librsvg | — | Fixed | Fixed | Not affected | Not affected |
CVE-2022-23639
Medium prioritySome fixes available 7 of 37
crossbeam-utils provides atomics, synchronization primitives, scoped threads, and other utilities for concurrent programming in Rust. crossbeam-utils prior to version 0.8.7 incorrectly assumed that the alignment of `{i,u}64` was...
11 affected packages
cargo, firefox, librsvg, mozjs38, mozjs52...
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
cargo | Not in release | Not affected | Not affected | Not affected | Vulnerable |
firefox | Fixed | Fixed | Ignored | Ignored | Ignored |
librsvg | Not affected | Not affected | Not affected | Not affected | Not affected |
mozjs38 | Not in release | Not in release | Not in release | Ignored | Not in release |
mozjs52 | Not in release | Not in release | Ignored | Ignored | Not in release |
mozjs68 | Not in release | Not in release | Ignored | Not in release | Not in release |
mozjs78 | Not in release | Ignored | Not in release | Not in release | Not in release |
rust-crossbeam-utils | Not affected | Vulnerable | Vulnerable | Not in release | Not in release |
rust-crossbeam-utils-0.7 | Not in release | Vulnerable | Not in release | Not in release | Not in release |
rustc | Not affected | Fixed | Fixed | Not affected | Vulnerable |
thunderbird | Ignored | Ignored | Ignored | Ignored | Ignored |
CVE-2019-20446
Low priorityIn xml.rs in GNOME librsvg before 2.46.2, a crafted SVG file with nested patterns can cause denial of service when passed to the library for processing. The attacker constructs pattern elements so that the number of final rendered...
1 affected packages
librsvg
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
librsvg | — | Not affected | Not affected | Ignored | Ignored |
CVE-2018-1000041
Low priorityGNOME librsvg version before commit c6ddf2ed4d768fd88adbea2b63f575cd523022ea contains a Improper input validation vulnerability in rsvg-io.c that can result in the victim's Windows username and NTLM password hash being leaked to...
1 affected packages
librsvg
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
librsvg | — | — | — | — | Not affected |
CVE-2017-11464
Low prioritySome fixes available 1 of 3
A SIGFPE is raised in the function box_blur_line of rsvg-filter.c in GNOME librsvg 2.40.17 during an attempted parse of a crafted SVG file, because of incorrect protection against division by zero.
1 affected packages
librsvg
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
librsvg | — | — | Not affected | Not affected | Fixed |
CVE-2016-6163
Low priorityThe rsvg_pattern_fix_fallback function in rsvg-paint_server.c in librsvg2 2.40.2 allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted svg file.
1 affected packages
librsvg
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
librsvg | — | — | — | Not affected | Not affected |
CVE-2016-4348
Low priorityThe _rsvg_css_normalize_font_size function in librsvg 2.40.2 allows context-dependent attackers to cause a denial of service (stack consumption and application crash) via circular definitions in an SVG document.
1 affected packages
librsvg
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
librsvg | — | — | — | Not affected | Not affected |
CVE-2015-7558
Negligible prioritylibrsvg before 2.40.12 allows context-dependent attackers to cause a denial of service (infinite loop, stack consumption, and application crash) via cyclic references in an SVG document.
1 affected packages
librsvg
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
librsvg | — | — | — | Not affected | Not affected |
CVE-2015-7557
Low priorityThe _rsvg_node_poly_build_path function in rsvg-shapes.c in librsvg before 2.40.7 allows context-dependent attackers to cause a denial of service (out-of-bounds heap read) via an odd number of elements in a coordinate pair in an...
1 affected packages
librsvg
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
librsvg | — | — | — | Not affected | Not affected |
CVE-2013-1881
Medium prioritySome fixes available 3 of 5
GNOME libsvg before 2.39.0 allows remote attackers to read arbitrary files via an XML document containing an external entity declaration in conjunction with an entity reference, related to an XML External Entity (XXE) issue.
1 affected packages
librsvg
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
librsvg | — | — | — | — | — |