CVE-2017-11464

HIGH

GNOME librsvg <2.40.17 - Memory Corruption

Title source: llm

Description

A SIGFPE is raised in the function box_blur_line of rsvg-filter.c in GNOME librsvg 2.40.17 during an attempted parse of a crafted SVG file, because of incorrect protection against division by zero.

References (6)

Core 6

Core References

Permissions Required x_refsource_confirm

https://bugzilla.gnome.org/show_bug.cgi?id=783835

Issue Tracking, Patch, Third Party Advisory x_refsource_confirm

https://git.gnome.org/browse/librsvg/commit/?id=ecf9267a24b2c3c0cd211dbdfa9ef2232511972a

Third Party Advisory, VDB Entry vdb-entry x_refsource_bid

http://www.securityfocus.com/bid/99956

Issue Tracking, Patch, Third Party Advisory x_refsource_confirm

https://github.com/GNOME/librsvg/commit/ecf9267a24b2c3c0cd211dbdfa9ef2232511972a

View Patch ZIP pw:eip

Mailing List mailing-list x_refsource_mlist

https://lists.debian.org/debian-lts-announce/2020/07/msg00016.html

Vendor Advisory vendor-advisory x_refsource_ubuntu

https://usn.ubuntu.com/4436-1/

Scores

CVSS v3 7.8

EPSS 0.0015

EPSS Percentile 35.5%

Attack Vector LOCAL

CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Details

CWE

CWE-369

Status published

Products (1)

gnome/librsvg 2.40.17

Published Jul 19, 2017

Tracked Since Feb 18, 2026