Date: Thu, 28 Apr 2016 10:33:02 +0200
From: Gustavo Grieco <gustavo.grieco@...il.com>
To: oss-security@...ts.openwall.com
Subject: CVE requests: DoS in librsvg parsing SVGs with circular definitions

Hello,

Two DoS in librsvg 2.40.2 parsing SVGs with circular definitions were found
(they will produce stack exhaustion). Other versions can be vulnerable too.
They affect the following functions:

* rsvg_cairo_pop_discrete_layer - rsvg_cairo_pop_render_stack -
rsvg_cairo_generate_mask: reproducible using circular-1.svg
* _rsvg_css_normalize_font_size: reproducible using circular-2.svg

Both reproducers are attached in a tar.gz to avoid a crash in my own
browser.  Fortunately, these issues are solved in the last git revision of
librsvg2.

Regards,
Gustavo.

Download attachment "circulars.tar.gz" of type "application/x-gzip" (1511 bytes)
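
A defensive pre-screen for the kind of input the message above describes, added here as an example (it is not part of the original post and is not librsvg code): it builds the graph of id references in an SVG and reports a cycle before the file is handed to a renderer. The post does not say which attributes the reproducers use, so scanning `href`/`xlink:href` and `url(#...)` values is an assumption, and the sample documents are constructed.

```python
import re
import xml.etree.ElementTree as ET
XLINK_HREF = "{http://www.w3.org/1999/xlink}href"
URL_REF = re.compile(r"url\(\s*['\"]?#([^)'\"\s]+)")  # e.g. fill="url(#grad)"

# Constructed samples (assumption: NOT the attached reproducers).
NS = 'xmlns="http://www.w3.org/2000/svg" xmlns:xlink="http://www.w3.org/1999/xlink"'
CYCLIC = f"""<svg {NS}>
  <g id="a"><use xlink:href="#b"/></g>
  <g id="b"><use xlink:href="#a"/></g>
</svg>"""
BENIGN = f"""<svg {NS}>
  <linearGradient id="base"/><linearGradient id="grad" xlink:href="#base"/>
  <rect id="r" fill="url(#grad)"/>
</svg>"""

def reference_graph(svg_text):
    """Map each element id to the ids referenced anywhere in its subtree."""
    graph = {}
    for elem in ET.fromstring(svg_text).iter():
        if elem.get("id") is None:
            continue
        targets = set()
        for node in elem.iter():  # elem itself plus all descendants
            for name, value in node.attrib.items():
                if name in ("href", XLINK_HREF) and value.startswith("#"):
                    targets.add(value[1:])
                targets.update(URL_REF.findall(value))
        graph[elem.get("id")] = targets
    return graph

def find_cycle(graph):
    """Return one reference cycle as a list of ids, or None.
    Iterative DFS, so a deep chain cannot exhaust the checker's own stack."""
    state = {}  # id -> "open" (on the current path) or "done"
    for start in graph:
        if start in state:
            continue
        state[start] = "open"
        path, stack = [start], [iter(sorted(graph[start]))]
        while stack:
            nxt = next(stack[-1], None)
            if nxt is None:  # all references explored, backtrack
                state[path.pop()] = "done"
                stack.pop()
            elif state.get(nxt) == "open":  # back edge: circular definition
                return path[path.index(nxt):] + [nxt]
            elif nxt in graph and nxt not in state:
                state[nxt] = "open"
                path.append(nxt)
                stack.append(iter(sorted(graph[nxt])))
    return None
```

A file for which `find_cycle(reference_graph(text))` returns a list can be rejected or quarantined instead of rendered; for untrusted input, swap the standard-library parser for a hardened one such as defusedxml.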
