Bug 1268243 (CVE-2015-7558) - CVE-2015-7558 librsvg2: Stack exhaustion causing DoS
Summary: CVE-2015-7558 librsvg2: Stack exhaustion causing DoS
Keywords:
Status: CLOSED WONTFIX
Alias: CVE-2015-7558
Product: Security Response
Classification: Other
Component: vulnerability
Version: unspecified
Hardware: All
OS: Linux
medium
medium
Target Milestone: ---
Assignee: Red Hat Product Security
QA Contact:
URL:
Whiteboard:
: CVE-2016-4347 (view as bug list)
Depends On: 1293346 1293347
Blocks: 1268247 1331729
TreeView+ depends on / blocked
 
Reported: 2015-10-02 09:25 UTC by Adam Mariš
Modified: 2021-02-17 04:53 UTC (History)
7 users (show)

Fixed In Version: librsvg2 2.40.12
Doc Type: Bug Fix
Doc Text:
Clone Of:
Environment:
Last Closed: 2015-12-22 10:59:20 UTC

Attachments (Terms of Use)
Add an attachment (proposed patch, testcase, etc.)

Description Adam Mariš 2015-10-02 09:25:03 UTC 
A vulnerability causing stack exhaustion leading to DoS was found in librsvg2 when parsing SVG file.
Comment 2 Adam Mariš 2015-10-02 09:56:16 UTC 
Acknowledgements:

Red Hat would like to thank Gustavo Grieco for reporting this issue.
Comment 3 Matthias Clasen 2015-10-02 14:10:49 UTC 
I don't believe that firefox is using librsvg to parse files that are loaded from the net.
Comment 5 Matthias Clasen 2015-12-14 18:38:30 UTC 
yes, I believe this was fixed by rewriting the way librsvg checks for cyclic references.
Comment 6 Adam Mariš 2015-12-21 13:53:50 UTC 
Created librsvg2 tracking bugs for this issue:

Affects: fedora-all [bug 1293346]
Comment 7 Adam Mariš 2015-12-21 13:53:56 UTC 
Created mingw-librsvg2 tracking bugs for this issue:

Affects: fedora-all [bug 1293347]
Comment 10 Stefan Cornelius 2016-06-03 13:04:17 UTC 
*** Bug 1331724 has been marked as a duplicate of this bug. ***
Note You need to log in before you can comment on or make changes to this bug.