CVE-2016-4348

Published: May 20, 2016Modified: May 6, 2026

7.5

Vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Exploitability: 3.9 / Impact: 3.6

Source: NVD

Description

The _rsvg_css_normalize_font_size function in librsvg 2.40.2 allows context-dependent attackers to cause a denial of service (stack consumption and application crash) via circular definitions in an SVG document.

Affected (4)

Products: Gnome: Librsvg · Debian: Debian Linux · Opensuse: Leap, Opensuse

1 product

1 product

2 products

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
Gnome Librsvg	Up to 2.40.1

Configuration B

1 vulnerable

Vulnerable Software	Affected Versions
Debian Debian Linux	Version 8.0

Configuration C

2 vulnerable

Vulnerable Software	Affected Versions
Opensuse Leap	Version 42.1
Opensuse Opensuse	Version 13.2

Related CWEs

CWE-20

Improper Input Validation

The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.

References (14)

http://lists.opensuse.org/opensuse-updates/2016-05/msg00079.html

Source: cve@mitre.org

Third Party Advisory

http://www.debian.org/security/2016/dsa-3584

Source: cve@mitre.org

Third Party Advisory

http://www.openwall.com/lists/oss-security/2016/04/28/4

Source: cve@mitre.org

http://www.openwall.com/lists/oss-security/2016/04/28/7

Source: cve@mitre.org

http://www.openwall.com/lists/oss-security/2016/04/30/3

Source: cve@mitre.org

http://www.openwall.com/lists/oss-security/2016/05/10/15

Source: cve@mitre.org

https://git.gnome.org/browse/librsvg/commit/?id=d1c9191949747f6dcfd207831d15dd4ba00e31f2

Source: cve@mitre.org

Vendor Advisory

http://lists.opensuse.org/opensuse-updates/2016-05/msg00079.html