Bug 1268239 - (CVE-2015-7557) CVE-2015-7557 librsvg2: Out-of-bounds heap read when parsing SVG file
Status: CLOSED WONTFIX
Product: Security Response
Classification: Other
Component: vulnerability
unspecified
All Linux
medium Severity medium
Assigned To: Red Hat Product Security
impact=moderate,public=20151221,repor...
: Security
Depends On: 1293344 1293345
Blocks: 1268247
Reported: 2015-10-02 05:05 EDT by Adam Mariš
Modified: 2016-01-12 16:08 EST
Doc Type: Bug Fix
Last Closed: 2015-12-22 05:58:40 EST
Description Adam Mariš 2015-10-02 05:05:16 EDT
It was reported that an out-of-band heap read is performed in librsvg2 when parsing an SVG file.
Comment 2 Adam Mariš 2015-10-02 05:56:10 EDT
Acknowledgements:

Red Hat would like to thank Gustavo Grieco for reporting this issue.
Comment 3 Matthias Clasen 2015-10-02 10:14:28 EDT
I've downloaded the reproducer, and neither Firefox 41 nor eog 3.18.0 crashes. They both report errors trying to load the image.
Comment 6 Adam Mariš 2015-12-21 08:53:11 EST
Created librsvg2 tracking bugs for this issue:

Affects: fedora-all [bug 1293344]
Comment 7 Adam Mariš 2015-12-21 08:53:16 EST
Created mingw-librsvg2 tracking bugs for this issue:

Affects: fedora-all [bug 1293345]
