Summary: | CVE-2015-7557 librsvg2: Out-of-bounds heap read when parsing SVG file | | |
---|---|---|---|
Product: | [Other] Security Response | Reporter: | Adam Mariš <amaris> |
Component: | vulnerability | Assignee: | Red Hat Product Security <security-response-team> |
Status: | CLOSED WONTFIX | QA Contact: | |
Severity: | medium | Docs Contact: | |
Priority: | medium | | |
Version: | unspecified | CC: | carnil, jrusnack, mclasen, otte, security-response-team |
Target Milestone: | --- | Keywords: | Security |
Target Release: | --- | | |
Hardware: | All | | |
OS: | Linux | | |
Whiteboard: | | | |
Fixed In Version: | | Doc Type: | Bug Fix |
Doc Text: | | Story Points: | --- |
Clone Of: | | Environment: | |
Last Closed: | 2015-12-22 10:58:40 UTC | Type: | --- |
Regression: | --- | Mount Type: | --- |
Documentation: | --- | CRM: | |
Verified Versions: | | Category: | --- |
oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
Cloudforms Team: | --- | Target Upstream Version: | |
Bug Depends On: | 1293344, 1293345 | | |
Bug Blocks: | 1268247 | | |

Description
Adam Mariš
2015-10-02 09:05:16 UTC
Acknowledgements: Red Hat would like to thank Gustavo Grieco for reporting this issue.

I've downloaded the reproducer, and neither firefox 41 nor eog 3.18.0 crash. They both report errors trying to load the image.

Upstream patch: https://git.gnome.org/browse/librsvg/commit/rsvg-shapes.c?id=40af93e6eb1c94b90c3b9a0b87e0840e126bb8df

Created librsvg2 tracking bugs for this issue: Affects: fedora-all [bug 1293344]

Created mingw-librsvg2 tracking bugs for this issue: Affects: fedora-all [bug 1293345]