CVE-2017-11464

Name of the Vulnerable Software and Affected Versions librsvg version 2.40.17

Description The issue is related to the implementation of the box blur line function in the librsvg library, which is used for rendering vector graphics. It is caused by errors when performing division operations, specifically division by zero. This can be exploited by a remote attacker using a specially crafted SVG file, potentially leading to a denial of service. The box blur line function in the rsvg-filter.c file of the GNOME librsvg library is specifically affected.

Recommendations For librsvg version 2.40.17, consider avoiding the use of the box blur line function until a patch is available. As a temporary workaround, restrict the processing of SVG files to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.