Openwall GNU/*/Linux - a small security-enhanced Linux distro for servers
[<prev] [next>] [thread-next>] [day] [month] [year] [list]
Date: Thu, 28 Apr 2016 10:33:02 +0200
From: Gustavo Grieco <gustavo.grieco@...il.com>
To: oss-security@...ts.openwall.com
Subject: CVE requests: DoS in librsvg parsing SVGs with circular definitions

Hello,

Two DoS in librsvg 2.40.2 parsing SVGs with circular definitions were found
(they will produce stack exhaustion). Other versions can be vulnerable too.
They affect the following functions:

* rsvg_cairo_pop_discrete_layer - rsvg_cairo_pop_render_stack -
rsvg_cairo_generate_mask: reproducible using circular-1.svg
* _rsvg_css_normalize_font_size: reproducible using circular-2.svg

Both reproducers are attached in a tar.gz to avoid a crash in my own
browser.  Fortunately, these issues are solved in the last git revision of
librsvg2.

Regards,
Gustavo.

Content of type "text/html" skipped

Download attachment "circulars.tar.gz" of type "application/x-gzip" (1511 bytes)

Powered by blists - more mailing lists

Your e-mail address:

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Powered by Openwall GNU/*/Linux - Powered by OpenVZ