An out-of-bounds read vulnerability that leads to segmentation fault was found in librsvg2 when processing specially crafted SVG file using Firefox.
CVE request (contains reproducer):
Fedora 24, package librsvg2, is not vulnerable because it currently has librsvg2-2.40.15-1.fc24 in stable
Created librsvg2 tracking bugs for this issue:
Affects: fedora-all [bug 1353521]
Created mingw-librsvg2 tracking bugs for this issue:
Affects: fedora-all [bug 1353522]