Gnome · Librsvg · CVE-2015-7557
**Name of the Vulnerable Software and Affected Versions**
librsvg versions prior to 2.40.7
**Description**
The issue allows context-dependent attackers to cause a denial of service, specifically an out-of-bounds heap read, by exploiting the ` rsvg node poly build path` function in `rsvg-shapes.c`. This can be achieved by including an odd number of elements in a coordinate pair within an SVG document.
**Recommendations**
For versions prior to 2.40.7, update to version 2.40.7 or later to resolve the issue.