| CVE-2016-4348 | High | 0.49 | 7.5 | 0.03 | | May 20, 2016 | The _rsvg_css_normalize_font_size function in librsvg 2.40.2 allows context-dependent attackers to cause a denial of service (stack consumption and application crash) via circular definitions in an SVG document. |
| CVE-2015-7558 | High | 0.49 | 7.5 | 0.01 | | May 20, 2016 | librsvg before 2.40.12 allows context-dependent attackers to cause a denial of service (infinite loop, stack consumption, and application crash) via cyclic references in an SVG document. |
| CVE-2015-7557 | High | 0.49 | 7.5 | 0.01 | | May 20, 2016 | The _rsvg_node_poly_build_path function in rsvg-shapes.c in librsvg before 2.40.7 allows context-dependent attackers to cause a denial of service (out-of-bounds heap read) via an odd number of elements in a coordinate pair in an SVG document. |
| CVE-2013-1881 | | 0.01 | — | 0.08 | | Oct 10, 2013 | GNOME libsvg before 2.39.0 allows remote attackers to read arbitrary files via an XML document containing an external entity declaration in conjunction with an entity reference, related to an XML External Entity (XXE) issue. |
| CVE-2011-3146 | | 0.00 | — | 0.03 | | Sep 5, 2012 | librsvg before 2.34.1 uses the node name to identify the type of node, which allows context-dependent attackers to cause a denial of service (NULL pointer dereference) and possibly execute arbitrary code via an SVG file with a node with the element name starting with "fe," which is misidentified as a RsvgFilterPrimitive. |