This service will be undergoing maintenance at 00:00 UTC, 2016-08-01. It is expected to last about 1 hours
Bug 734936 - (CVE-2011-3146) CVE-2011-3146 librsvg: object type mismatch leading to invalid pointer dereference
CVE-2011-3146 librsvg: object type mismatch leading to invalid pointer derefe...
Status: CLOSED ERRATA
Product: Security Response
Classification: Other
Component: vulnerability (Show other bugs)
unspecified
All Linux
medium Severity medium
: ---
: ---
Assigned To: Red Hat Product Security
impact=moderate,public=20110906,repor...
: Security
Depends On: 735266 735267 736237
Blocks: 734942
  Show dependency treegraph
 
Reported: 2011-08-31 18:01 EDT by Vincent Danen
Modified: 2015-11-24 09:40 EST (History)
2 users (show)

See Also:
Fixed In Version: librsvg 2.34.1
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Environment:
Last Closed: 2011-09-13 15:26:27 EDT
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:


Attachments (Terms of Use)
patch (43.86 KB, patch)
2011-09-02 00:28 EDT, Huzaifa S. Sidhpurwala
no flags Details | Diff

  None (edit)
Description Vincent Danen 2011-08-31 18:01:20 EDT
A NULL pointer dereference flaw was reported [1] by Sauli Pahlman in librsvg.  If a program linked to librsvg where to open a crafted SVG file, it could cause that application to crash or potentially execute arbitrary code.

[1] https://launchpad.net/bugs/825497
https://bugzilla.gnome.org/show_bug.cgi?id=658014
Comment 3 Huzaifa S. Sidhpurwala 2011-09-02 00:28:16 EDT
Created attachment 521134 [details]
patch
Comment 5 Vincent Danen 2011-09-07 01:09:47 EDT
This is now public, and fixed in upstream 2.34.1:

http://git.gnome.org/browse/librsvg/commit/?id=34c95743ca692ea0e44778e41a7c0a129363de84
Comment 6 Huzaifa S. Sidhpurwala 2011-09-07 02:25:13 EDT
This issue does not affect the version of librsvg2 shipped with Red Hat
Enterprise Linux 4 and 5.

This issue affects the version of librsvg2 shipped with Red Hat Enterprise Linux 6.

This issue affects the version of librsvg2 shipped with Fedora 14 and Fedora 15.
Comment 7 Huzaifa S. Sidhpurwala 2011-09-07 02:26:35 EDT
Created librsvg2 tracking bugs for this issue

Affects: fedora-all [bug 736237]
Comment 8 Murray McAllister 2011-09-08 09:08:19 EDT
Acknowledgements:

Red Hat would like to thank the Ubuntu Security Team for reporting this issue. The Ubuntu Security Team acknowledges Sauli Pahlman as the original reporter.
Comment 9 errata-xmlrpc 2011-09-13 15:19:02 EDT
This issue has been addressed in following products:

  Red Hat Enterprise Linux 6

Via RHSA-2011:1289 https://rhn.redhat.com/errata/RHSA-2011-1289.html

Note You need to log in before you can comment on or make changes to this bug.