PT-2012-1676 · Gnome+1 · Librsvg+1

Published: 2011-09-13 · Updated: 2012-09-13 · CVE-2011-3146

CVSS v2.0: 6.8 (Medium)
Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P

Name of the Vulnerable Software and Affected Versions: librsvg versions prior to 2.34.1

Description: The issue allows context-dependent attackers to cause a denial of service (NULL pointer dereference) and possibly execute arbitrary code via an SVG file containing a node whose element name starts with "fe", which is misidentified as an RsvgFilterPrimitive.

Recommendations: For versions prior to 2.34.1, update to version 2.34.1 or later to resolve the issue.

Related Identifiers

CVE-2011-3146
OPENSUSE-SU-2024:10229-1
RHSA-2011:1289
RHSA-2011_1289

Affected Products

Red Hat
Librsvg