[3.2] librsvg: security issues (CVE-2015-7558, CVE-2016-4348)
CVE-2015-7558: Out-of-bounds heap read and stack exhaustion
librsvg before 2.40.12 allows context-dependent attackers to cause a
denial of service (infinite loop, stack consumption,
and application crash) via cyclic references in an SVG document.
References:
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015-7558
Patch:
https://git.gnome.org/browse/librsvg/commit/?id=a51919f7e1ca9c535390a746fbf6e28c8402dc61
CVE-2016-4348: DoS parsing SVGs with circular definitions _rsvg_css_normalize_font_size() function
The _rsvg_css_normalize_font_size function in librsvg 2.40.2 allows
context-dependent attackers to cause a
denial of service (stack consumption and application crash) via circular
definitions in an SVG document.
References:
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2016-4348
https://bugzilla.redhat.com/show\_bug.cgi?id=CVE-2016-4348
Patch:
https://git.gnome.org/browse/librsvg/commit/?id=d1c9191949747f6dcfd207831d15dd4ba00e31f2
(from redmine: issue id 5668, created on 2016-06-01, closed on 2016-06-24)
- Relations:
- parent #5667 (closed)
- Changesets:
- Revision 305e0291 on 2016-06-23T14:02:33Z:
main/librsvg: security upgrade to 2.40.12 (CVE-2015-7558). Fixes #5668