An out-of-bounds read vulnerability that leads to segmentation fault was found in librsvg2 when processing specially crafted SVG file using Firefox. CVE request (contains reproducer): http://seclists.org/oss-sec/2016/q3/7 Upstream patch: https://git.gnome.org/browse/librsvg/commit/?id=0035e95118a60c0cd3949c2300472d805e16a022
Fedora 24, package librsvg2, is not vulnerable because it currently has librsvg2-2.40.15-1.fc24 in stable
Created librsvg2 tracking bugs for this issue: Affects: fedora-all [bug 1353521]
Created mingw-librsvg2 tracking bugs for this issue: Affects: fedora-all [bug 1353522]