Vulnerabilities > CVE-2011-3146 - Unspecified vulnerability in Gnome Librsvg

047910
CVSS 6.8 - MEDIUM
Attack vector
NETWORK
Attack complexity
MEDIUM
Privileges required
NONE
Confidentiality impact
PARTIAL
Integrity impact
PARTIAL
Availability impact
PARTIAL
network
gnome
nessus

Summary

librsvg before 2.34.1 uses the node name to identify the type of node, which allows context-dependent attackers to cause a denial of service (NULL pointer dereference) and possibly execute arbitrary code via an SVG file containing a node whose element name starts with "fe", which is misidentified as an RsvgFilterPrimitive. Per: http://cwe.mitre.org/data/definitions/476.html 'CWE-476 Null Pointer Dereference'

Vulnerable Configurations

Part Description Count
Application
Gnome
86

Nessus

  • NASL familySuSE Local Security Checks
    NASL idSUSE_11_3_GDK-PIXBUF-LOADER-RSVG-110916.NASL
    descriptionSpecially crafted SVG files could make librsvg dereference a function pointer which potentially allows to execute arbitrary code (CVE-2011-3146).
    last seen2020-06-01
    modified2020-06-02
    plugin id75509
    published2014-06-13
    reporterThis script is Copyright (C) 2014-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/75509
    titleopenSUSE Security Update : gdk-pixbuf-loader-rsvg (openSUSE-SU-2011:1090-1)
    code
    #%NASL_MIN_LEVEL 80502
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were
    # extracted from openSUSE Security Update gdk-pixbuf-loader-rsvg-5168.
    #
    # The text description of this plugin is (C) SUSE LLC.
    #
    
    include("compat.inc");
    
    # Registration block: when the scanner evaluates the plugin with `description`
    # set, only the metadata below is recorded and the script exits before any
    # host check runs (see the exit(0) at the end of this block).
    if (description)
    {
      script_id(75509);
      script_version("1.6");
      script_cvs_date("Date: 2019/10/25 13:36:41");
    
      # Single CVE covered by this check.
      script_cve_id("CVE-2011-3146");
    
      script_name(english:"openSUSE Security Update : gdk-pixbuf-loader-rsvg (openSUSE-SU-2011:1090-1)");
      script_summary(english:"Check for the gdk-pixbuf-loader-rsvg-5168 patch");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:"The remote openSUSE host is missing a security update."
      );
      script_set_attribute(
        attribute:"description", 
        value:
    "Specially crafted SVG files could make librsvg dereference a function
    pointer which potentially allows to execute arbitrary code
    (CVE-2011-3146)."
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.novell.com/show_bug.cgi?id=714980"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://lists.opensuse.org/opensuse-updates/2011-10/msg00003.html"
      );
      script_set_attribute(
        attribute:"solution", 
        value:"Update the affected gdk-pixbuf-loader-rsvg packages."
      );
      # CVSS v2 base vector: network-reachable, medium access complexity, no
      # authentication, partial impact on confidentiality, integrity and availability.
      script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P");
      # CVSS v2 temporal vector: exploitability unproven, official fix available,
      # report confirmed. The two attributes that follow record the same
      # "no known exploit" assessment in plain form.
      script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
      script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
      script_set_attribute(attribute:"exploit_available", value:"false");
    
      # "local" plugin type: the finding is derived from data collected on the
      # host (the required KB keys below), not from probing a network service.
      script_set_attribute(attribute:"plugin_type", value:"local");
      # NOTE(review): the advisory title names gdk-pixbuf-loader-rsvg, but the
      # CPEs registered here are the librsvg packages and rsvg-view on
      # openSUSE 11.3; asset inventories keyed on the title alone can miss them.
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:librsvg");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:librsvg-32bit");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:librsvg-devel");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:rsvg-view");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:novell:opensuse:11.3");
    
      # The vendor patch dates from 2011; the plugin itself was published in 2014.
      script_set_attribute(attribute:"patch_publication_date", value:"2011/09/16");
      script_set_attribute(attribute:"plugin_publication_date", value:"2014/06/13");
      script_end_attributes();
    
      # Information-gathering category: the check only reads collected data.
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2014-2019 and is owned by Tenable, Inc. or an Affiliate thereof.");
      script_family(english:"SuSE Local Security Checks");
    
      # Depends on ssh_get_info.nasl and on these KB keys being present
      # (presumably populated by that dependency - confirm). Without a
      # credentialed scan the keys are absent and this check yields no finding
      # either way.
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/SuSE/release", "Host/SuSE/rpm-list", "Host/cpu");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("global_settings.inc");
    include("rpm.inc");
    
    # Preconditions. Each failed precondition calls audit() with a reason code;
    # audit() is defined in audit.inc (not shown here) and presumably ends the
    # script with that message, so the order below decides which reason a
    # non-applicable host reports.
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    release = get_kb_item("Host/SuSE/release");
    # SLED/SLES hosts are excluded: this plugin covers openSUSE only.
    if (isnull(release) || release =~ "^(SLED|SLES)") audit(AUDIT_OS_NOT, "openSUSE");
    # Anchored match: only the exact release string SUSE11.3 is in scope.
    if (release !~ "^(SUSE11\.3)$") audit(AUDIT_OS_RELEASE_NOT, "openSUSE", "11.3", release);
    # The package comparison below needs the collected RPM list.
    if (!get_kb_item("Host/SuSE/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    ourarch = get_kb_item("Host/cpu");
    if (!ourarch) audit(AUDIT_UNKNOWN_ARCH);
    # Only x86 architectures are evaluated; any other CPU audits out here.
    if (ourarch !~ "^(i586|i686|x86_64)$") audit(AUDIT_ARCH_NOT, "i586 / i686 / x86_64", ourarch);
    
    # Counts the packages that rpm_check() flags. rpm_check() comes from rpm.inc
    # (not shown); presumably it is true when the installed package is older
    # than the fixed reference version - confirm against rpm.inc.
    flag = 0;
    
    # Fixed version for every package in this advisory is 2.26.3-2.3.1.
    if ( rpm_check(release:"SUSE11.3", reference:"librsvg-2.26.3-2.3.1") ) flag++;
    if ( rpm_check(release:"SUSE11.3", reference:"librsvg-devel-2.26.3-2.3.1") ) flag++;
    if ( rpm_check(release:"SUSE11.3", reference:"rsvg-view-2.26.3-2.3.1") ) flag++;
    # The 32-bit compatibility package is only checked on x86_64 hosts.
    if ( rpm_check(release:"SUSE11.3", cpu:"x86_64", reference:"librsvg-32bit-2.26.3-2.3.1") ) flag++;
    
    # NOTE(review): this is a package-version check only. It says nothing about
    # processes that loaded the old library before the update; the Red Hat
    # advisory quoted on this page states that running applications using the
    # library must be restarted for the fix to take effect. Treat a clean
    # result as "package updated", not "no vulnerable code in memory".
    if (flag)
    {
      # Report at warning level; with report_verbosity above 0 the output of
      # rpm_report_get() is attached as extra detail.
      if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());
      else security_warning(0);
      exit(0);
    }
    else
    {
      # No package flagged: distinguish "tested and not affected" from
      # "none of the packages installed" using the list from pkg_tests_get().
      tested = pkg_tests_get();
      if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
      else audit(AUDIT_PACKAGE_NOT_INSTALLED, "librsvg / librsvg-32bit / librsvg-devel / rsvg-view");
    }
    
  • NASL familySolaris Local Security Checks
    NASL idSOLARIS11_LIBRSVG_20120626.NASL
    descriptionThe remote Solaris system is missing necessary patches to address security updates : - librsvg before 2.34.1 uses the node name to identify the type of node, which allows context-dependent attackers to cause a denial of service (NULL pointer dereference) and possibly execute arbitrary code via a SVG file with a node with the element name starting with
    last seen2020-06-01
    modified2020-06-02
    plugin id80676
    published2015-01-19
    reporterThis script is Copyright (C) 2015-2018 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/80676
    titleOracle Solaris Third-Party Patch Update : librsvg (cve_2011_3146_denial_of)
  • NASL familyFedora Local Security Checks
    NASL idFEDORA_2011-12271.NASL
    descriptionThis update fixes CVE-2011-3146. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-06-01
    modified2020-06-02
    plugin id56154
    published2011-09-12
    reporterThis script is Copyright (C) 2011-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/56154
    titleFedora 15 : librsvg2-2.34.0-2.fc15 (2011-12271)
  • NASL familySuSE Local Security Checks
    NASL idSUSE_11_LIBRSVG-110920.NASL
    descriptionSpecially crafted SVG files could make librsvg dereference a function pointer which potentially allows to execute arbitrary code. (CVE-2011-3146)
    last seen2020-06-01
    modified2020-06-02
    plugin id57119
    published2011-12-13
    reporterThis script is Copyright (C) 2011-2019 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/57119
    titleSuSE 11.1 Security Update : librsvg (SAT Patch Number 5166)
  • NASL familyFedora Local Security Checks
    NASL idFEDORA_2011-12301.NASL
    descriptionThis update fixes CVE-2011-3146. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-06-01
    modified2020-06-02
    plugin id56232
    published2011-09-20
    reporterThis script is Copyright (C) 2011-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/56232
    titleFedora 14 : librsvg2-2.32.0-4.fc14 (2011-12301)
  • NASL familySuSE Local Security Checks
    NASL idSUSE_11_4_GDK-PIXBUF-LOADER-RSVG-110920.NASL
    descriptionSpecially crafted SVG files could make librsvg dereference a function pointer which potentially allows to execute arbitrary code (CVE-2011-3146).
    last seen2020-06-01
    modified2020-06-02
    plugin id75846
    published2014-06-13
    reporterThis script is Copyright (C) 2014-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/75846
    titleopenSUSE Security Update : gdk-pixbuf-loader-rsvg (openSUSE-SU-2011:1090-1)
  • NASL familyFedora Local Security Checks
    NASL idFEDORA_2011-12312.NASL
    descriptionNew release of librsvg which fixes CVE-2011-3146. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-06-01
    modified2020-06-02
    plugin id56157
    published2011-09-12
    reporterThis script is Copyright (C) 2011-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/56157
    titleFedora 16 : librsvg2-2.34.1-1.fc16 (2011-12312)
  • NASL familyOracle Linux Local Security Checks
    NASL idORACLELINUX_ELSA-2011-1289.NASL
    descriptionFrom Red Hat Security Advisory 2011:1289 : Updated librsvg2 packages that fix one security issue are now available for Red Hat Enterprise Linux 6. The Red Hat Security Response Team has rated this update as having moderate security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available from the CVE link in the References section. The librsvg2 packages provide an SVG (Scalable Vector Graphics) library based on libart. A flaw was found in the way librsvg2 parsed certain SVG files. An attacker could create a specially crafted SVG file that, when opened, would cause applications that use librsvg2 (such as Eye of GNOME) to crash or, potentially, execute arbitrary code. (CVE-2011-3146) Red Hat would like to thank the Ubuntu Security Team for reporting this issue. The Ubuntu Security Team acknowledges Sauli Pahlman as the original reporter. All librsvg2 users should upgrade to these updated packages, which contain a backported patch to correct this issue. All running applications that use librsvg2 must be restarted for this update to take effect.
    last seen2020-06-01
    modified2020-06-02
    plugin id68350
    published2013-07-12
    reporterThis script is Copyright (C) 2013-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/68350
    titleOracle Linux 6 : librsvg2 (ELSA-2011-1289)
  • NASL familyUbuntu Local Security Checks
    NASL idUBUNTU_USN-1206-1.NASL
    descriptionSauli Pahlman discovered that librsvg did not correctly handle malformed filter names. If a user or automated system were tricked into processing a specially crafted SVG image, a remote attacker could gain user privileges. Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-06-01
    modified2020-06-02
    plugin id56194
    published2011-09-14
    reporterUbuntu Security Notice (C) 2011-2019 Canonical, Inc. / NASL script (C) 2011-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/56194
    titleUbuntu 10.04 LTS / 10.10 / 11.04 : librsvg vulnerability (USN-1206-1)
  • NASL familyRed Hat Local Security Checks
    NASL idREDHAT-RHSA-2011-1289.NASL
    descriptionUpdated librsvg2 packages that fix one security issue are now available for Red Hat Enterprise Linux 6. The Red Hat Security Response Team has rated this update as having moderate security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available from the CVE link in the References section. The librsvg2 packages provide an SVG (Scalable Vector Graphics) library based on libart. A flaw was found in the way librsvg2 parsed certain SVG files. An attacker could create a specially crafted SVG file that, when opened, would cause applications that use librsvg2 (such as Eye of GNOME) to crash or, potentially, execute arbitrary code. (CVE-2011-3146) Red Hat would like to thank the Ubuntu Security Team for reporting this issue. The Ubuntu Security Team acknowledges Sauli Pahlman as the original reporter. All librsvg2 users should upgrade to these updated packages, which contain a backported patch to correct this issue. All running applications that use librsvg2 must be restarted for this update to take effect.
    last seen2020-06-01
    modified2020-06-02
    plugin id56188
    published2011-09-14
    reporterThis script is Copyright (C) 2011-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/56188
    titleRHEL 6 : librsvg2 (RHSA-2011:1289)
  • NASL familyScientific Linux Local Security Checks
    NASL idSL_20110913_LIBRSVG2_ON_SL6_X.NASL
    descriptionThe librsvg2 packages provide an SVG (Scalable Vector Graphics) library based on libart. A flaw was found in the way librsvg2 parsed certain SVG files. An attacker could create a specially crafted SVG file that, when opened, would cause applications that use librsvg2 (such as Eye of GNOME) to crash or, potentially, execute arbitrary code. All librsvg2 users should upgrade to these updated packages, which contain a backported patch to correct this issue. All running applications that use librsvg2 must be restarted for this update to take effect.
    last seen2020-06-01
    modified2020-06-02
    plugin id61134
    published2012-08-01
    reporterThis script is Copyright (C) 2012-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/61134
    titleScientific Linux Security Update : librsvg2 on SL6.x i386/x86_64

Redhat

advisories
bugzilla
id734936
titleCVE-2011-3146 librsvg: object type mismatch leading to invalid pointer dereference
oval
OR
  • commentRed Hat Enterprise Linux must be installed
    ovaloval:com.redhat.rhba:tst:20070304026
  • AND
    • commentRed Hat Enterprise Linux 6 is installed
      ovaloval:com.redhat.rhba:tst:20111656003
    • OR
      • AND
        • commentlibrsvg2-devel is earlier than 0:2.26.0-5.el6_1.1
          ovaloval:com.redhat.rhsa:tst:20111289001
        • commentlibrsvg2-devel is signed with Red Hat redhatrelease2 key
          ovaloval:com.redhat.rhsa:tst:20111289002
      • AND
        • commentlibrsvg2 is earlier than 0:2.26.0-5.el6_1.1
          ovaloval:com.redhat.rhsa:tst:20111289003
        • commentlibrsvg2 is signed with Red Hat redhatrelease2 key
          ovaloval:com.redhat.rhsa:tst:20111289004
rhsa
idRHSA-2011:1289
released2011-09-13
severityModerate
titleRHSA-2011:1289: librsvg2 security update (Moderate)
rpms
  • librsvg2-0:2.26.0-5.el6_1.1
  • librsvg2-debuginfo-0:2.26.0-5.el6_1.1
  • librsvg2-devel-0:2.26.0-5.el6_1.1