Unrated severityNVD Advisory· Published Sep 5, 2012· Updated Apr 29, 2026

CVE-2011-3146

Description

librsvg before 2.34.1 uses the node name to identify the type of node, which allows context-dependent attackers to cause a denial of service (NULL pointer dereference) and possibly execute arbitrary code via a SVG file with a node with the element name starting with "fe," which is misidentified as a RsvgFilterPrimitive.

Affected products

GNOME Foundation/Librsvg
cpe:2.3:a:gnome:librsvg:*:*:*:*:*:*:*:*
Range: <=2.34.0

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

git.gnome.org/browse/librsvg/commit/nvdExploitPatch
secunia.com/advisories/45877nvdVendor Advisory
ftp.gnome.org/pub/GNOME/sources/librsvg/2.34/librsvg-2.34.1.newsnvd
lists.fedoraproject.org/pipermail/package-announce/2011-September/065730.htmlnvd
lists.fedoraproject.org/pipermail/package-announce/2011-September/065739.htmlnvd
lists.fedoraproject.org/pipermail/package-announce/2011-September/066127.htmlnvd
rhn.redhat.com/errata/RHSA-2011-1289.htmlnvd
bugs.launchpad.net/ubuntu/+source/librsvg/+bug/825497nvd
bugzilla.gnome.org/show_bug.cginvd
bugzilla.redhat.com/show_bug.cginvd

News mentions

No linked articles in our index yet.

cvss	0.000
epss	0.003
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000