FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

librsvg2 -- denial of service vulnerability

Affected packages
librsvg2 < 2.40.12

Details

VuXML ID d6c51737-a84b-11e5-8f5c-002590263bf5
Discovery 2015-10-02
Entry 2015-12-22

Adam Maris, Red Hat Product Security, reports:

CVE-2015-7558: Stack exhaustion due to a cyclic dependency, causing an application to crash, was found in librsvg2 while parsing an SVG file. It has been fixed in 2.40.12 by many commits that have rewritten the checks for cyclic references.

References

CVE Name CVE-2015-7558
FreeBSD PR ports/205502
URL http://www.openwall.com/lists/oss-security/2015/12/21/5
URL https://bugzilla.redhat.com/1268243