A denial of service flaw was found in the way the librsvg2 library parsed SVG files. A specially crafted SVG file with circular definitions could cause an application using librsvg2 to crash. This flaw is in the _rsvg_css_normalize_font_size() function. Reference (including reproducer): http://seclists.org/oss-sec/2016/q2/161
Created librsvg2 tracking bugs for this issue: Affects: fedora-all [bug 1331727]
Created mingw-librsvg2 tracking bugs for this issue: Affects: fedora-all [bug 1331728]
Upstream fix: https://git.gnome.org/browse/librsvg/commit/?id=d1c9191949747f6dcfd207831d15dd4ba00e31f2 This fix is two commits before the other commit.