7.5

CVE-2015-7558

librsvg before 2.40.12 allows context-dependent attackers to cause a denial of service (infinite loop, stack consumption, and application crash) via cyclic references in an SVG document.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
DebianDebian Linux Version8.0
GnomeLibrsvg Version <= 2.40.11
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 2.4% 0.819
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 7.5 3.9 3.6
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
nvd@nist.gov 5 10 2.9
AV:N/AC:L/Au:N/C:N/I:N/A:P
CWE-20 Improper Input Validation

The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.

http://www.openwall.com/lists/oss-security/2015/12/21/5
Third Party Advisory
Mailing List
http://www.debian.org/security/2016/dsa-3584
Third Party Advisory
http://www.openwall.com/lists/oss-security/2016/04/30/3
Third Party Advisory
Mailing List
https://bugzilla.redhat.com/show_bug.cgi?id=1268243
Issue Tracking
https://git.gnome.org/browse/librsvg/commit/?id=a51919f7e1ca9c535390a746fbf6e28c8402dc61
Vendor Advisory