rpm package
suse/librsvg&distro=SUSE Linux Enterprise Server 12 SP3
pkg:rpm/suse/librsvg&distro=SUSE%20Linux%20Enterprise%20Server%2012%20SP3
Vulnerabilities (2)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2018-1000041 | Hig | 8.8 | < 2.40.20-5.6.1 | 2.40.20-5.6.1 | Feb 9, 2018 | GNOME librsvg version before commit c6ddf2ed4d768fd88adbea2b63f575cd523022ea contains a Improper input validation vulnerability in rsvg-io.c that can result in the victim's Windows username and NTLM password hash being leaked to remote attackers through SMB. This attack appear to | |
| CVE-2017-11464 | Hig | 7.8 | < 2.40.18-5.3.1 | 2.40.18-5.3.1 | Jul 19, 2017 | A SIGFPE is raised in the function box_blur_line of rsvg-filter.c in GNOME librsvg 2.40.17 during an attempted parse of a crafted SVG file, because of incorrect protection against division by zero. |
- affected < 2.40.20-5.6.1fixed 2.40.20-5.6.1
GNOME librsvg version before commit c6ddf2ed4d768fd88adbea2b63f575cd523022ea contains a Improper input validation vulnerability in rsvg-io.c that can result in the victim's Windows username and NTLM password hash being leaked to remote attackers through SMB. This attack appear to
- affected < 2.40.18-5.3.1fixed 2.40.18-5.3.1
A SIGFPE is raised in the function box_blur_line of rsvg-filter.c in GNOME librsvg 2.40.17 during an attempted parse of a crafted SVG file, because of incorrect protection against division by zero.