Your submission was sent successfully! Close

You have successfully unsubscribed! Close

Thank you for signing up for our newsletter!
In these regular emails you will find the latest updates about Ubuntu and upcoming events where you can meet our team.Close

Search CVE reports


Toggle filters

1 – 10 of 11 results


CVE-2023-38633

Medium priority
Fixed

A directory traversal problem in the URL decoder of librsvg before 2.56.3 could be used by local or remote attackers to disclose files (on the local filesystem outside of the expected area), as demonstrated...

1 affected packages

librsvg

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
librsvg Fixed Fixed Not affected Not affected
Show less packages

CVE-2022-23639

Medium priority

Some fixes available 7 of 37

crossbeam-utils provides atomics, synchronization primitives, scoped threads, and other utilities for concurrent programming in Rust. crossbeam-utils prior to version 0.8.7 incorrectly assumed that the alignment of `{i,u}64` was...

11 affected packages

cargo, firefox, librsvg, mozjs38, mozjs52...

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
cargo Not in release Not affected Not affected Not affected Vulnerable
firefox Fixed Fixed Ignored Ignored Ignored
librsvg Not affected Not affected Not affected Not affected Not affected
mozjs38 Not in release Not in release Not in release Ignored Not in release
mozjs52 Not in release Not in release Ignored Ignored Not in release
mozjs68 Not in release Not in release Ignored Not in release Not in release
mozjs78 Not in release Ignored Not in release Not in release Not in release
rust-crossbeam-utils Not affected Vulnerable Vulnerable Not in release Not in release
rust-crossbeam-utils-0.7 Not in release Vulnerable Not in release Not in release Not in release
rustc Not affected Fixed Fixed Not affected Vulnerable
thunderbird Ignored Ignored Ignored Ignored Ignored
Show all 11 packages Show less packages

CVE-2019-20446

Low priority
Ignored

In xml.rs in GNOME librsvg before 2.46.2, a crafted SVG file with nested patterns can cause denial of service when passed to the library for processing. The attacker constructs pattern elements so that the number of final rendered...

1 affected packages

librsvg

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
librsvg Not affected Not affected Ignored Ignored
Show less packages

CVE-2018-1000041

Low priority
Not affected

GNOME librsvg version before commit c6ddf2ed4d768fd88adbea2b63f575cd523022ea contains a Improper input validation vulnerability in rsvg-io.c that can result in the victim's Windows username and NTLM password hash being leaked to...

1 affected packages

librsvg

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
librsvg Not affected
Show less packages

CVE-2017-11464

Low priority

Some fixes available 1 of 3

A SIGFPE is raised in the function box_blur_line of rsvg-filter.c in GNOME librsvg 2.40.17 during an attempted parse of a crafted SVG file, because of incorrect protection against division by zero.

1 affected packages

librsvg

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
librsvg Not affected Not affected Fixed
Show less packages

CVE-2016-6163

Low priority
Ignored

The rsvg_pattern_fix_fallback function in rsvg-paint_server.c in librsvg2 2.40.2 allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted svg file.

1 affected packages

librsvg

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
librsvg Not affected Not affected
Show less packages

CVE-2016-4348

Low priority
Ignored

The _rsvg_css_normalize_font_size function in librsvg 2.40.2 allows context-dependent attackers to cause a denial of service (stack consumption and application crash) via circular definitions in an SVG document.

1 affected packages

librsvg

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
librsvg Not affected Not affected
Show less packages

CVE-2015-7558

Negligible priority
Ignored

librsvg before 2.40.12 allows context-dependent attackers to cause a denial of service (infinite loop, stack consumption, and application crash) via cyclic references in an SVG document.

1 affected packages

librsvg

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
librsvg Not affected Not affected
Show less packages

CVE-2015-7557

Low priority
Ignored

The _rsvg_node_poly_build_path function in rsvg-shapes.c in librsvg before 2.40.7 allows context-dependent attackers to cause a denial of service (out-of-bounds heap read) via an odd number of elements in a coordinate pair in an...

1 affected packages

librsvg

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
librsvg Not affected Not affected
Show less packages

CVE-2013-1881

Medium priority

Some fixes available 3 of 5

GNOME libsvg before 2.39.0 allows remote attackers to read arbitrary files via an XML document containing an external entity declaration in conjunction with an entity reference, related to an XML External Entity (XXE) issue.

1 affected packages

librsvg

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
librsvg
Show less packages