Vulnerabilities > CVE-2017-11464 - Divide By Zero vulnerability in Gnome Librsvg 2.40.17

047910
CVSS 7.8 - HIGH
Attack vector
LOCAL
Attack complexity
LOW
Privileges required
NONE
Confidentiality impact
HIGH
Integrity impact
HIGH
Availability impact
HIGH
local
low complexity
gnome
CWE-369
nessus

Summary

A SIGFPE is raised in the function box_blur_line of rsvg-filter.c in GNOME librsvg 2.40.17 during an attempted parse of a crafted SVG file, because of incorrect protection against division by zero.

Vulnerable Configurations

Part Description Count
Application
Gnome
1

Common Weakness Enumeration (CWE)

Nessus

  • NASL familyFedora Local Security Checks
    NASL idFEDORA_2017-EE04231942.NASL
    descriptionMinGW cross compiled librsvg 2.40.18 release, fixing CVE-2017-11464 (division-by-zero in the Gaussian blur code). Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-06-05
    modified2017-07-31
    plugin id102049
    published2017-07-31
    reporterThis script is Copyright (C) 2017-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/102049
    titleFedora 26 : mingw-librsvg2 (2017-ee04231942)
  • NASL familyFedora Local Security Checks
    NASL idFEDORA_2017-CF1A42722D.NASL
    descriptionlibrsvg 2.40.18 release, fixing CVE-2017-11464 (division-by-zero in the Gaussian blur code). For details, see https://mail.gnome.org/archives/ftp-release-list/2017-July/msg00078.ht ml Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-06-05
    modified2017-07-27
    plugin id102007
    published2017-07-27
    reporterThis script is Copyright (C) 2017-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/102007
    titleFedora 25 : librsvg2 (2017-cf1a42722d)
  • NASL familySuSE Local Security Checks
    NASL idSUSE_SU-2017-2117-1.NASL
    descriptionThis update librsvg to version 2.40.18 fixes the following issues: Security issue fixed : - CVE-2017-11464: A SIGFPE is raised in the function box_blur_line of rsvg-filter.c. (bsc#1049607) Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-06-01
    modified2020-06-02
    plugin id102354
    published2017-08-10
    reporterThis script is Copyright (C) 2017-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/102354
    titleSUSE SLED12 / SLES12 Security Update : librsvg (SUSE-SU-2017:2117-1)
  • NASL familyFedora Local Security Checks
    NASL idFEDORA_2017-941058C1F1.NASL
    descriptionlibrsvg 2.40.18 release, fixing CVE-2017-11464 (division-by-zero in the Gaussian blur code). For details, see https://mail.gnome.org/archives/ftp-release-list/2017-July/msg00078.ht ml Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-06-05
    modified2017-07-27
    plugin id102003
    published2017-07-27
    reporterThis script is Copyright (C) 2017-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/102003
    titleFedora 24 : librsvg2 (2017-941058c1f1)
  • NASL familyFedora Local Security Checks
    NASL idFEDORA_2017-BCF1BC0775.NASL
    descriptionMinGW cross compiled librsvg 2.40.18 release, fixing CVE-2017-11464 (division-by-zero in the Gaussian blur code). Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-06-05
    modified2017-07-31
    plugin id102048
    published2017-07-31
    reporterThis script is Copyright (C) 2017-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/102048
    titleFedora 25 : mingw-librsvg2 (2017-bcf1bc0775)
  • NASL familyFedora Local Security Checks
    NASL idFEDORA_2017-CF36278519.NASL
    descriptionlibrsvg 2.40.18 release, fixing CVE-2017-11464 (division-by-zero in the Gaussian blur code). For details, see https://mail.gnome.org/archives/ftp-release-list/2017-July/msg00078.ht ml Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-06-05
    modified2017-07-26
    plugin id101964
    published2017-07-26
    reporterThis script is Copyright (C) 2017-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/101964
    titleFedora 26 : librsvg2 (2017-cf36278519)
  • NASL familyFedora Local Security Checks
    NASL idFEDORA_2017-0B8C45EBF7.NASL
    descriptionMinGW cross compiled librsvg 2.40.18 release, fixing CVE-2017-11464 (division-by-zero in the Gaussian blur code). Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-06-05
    modified2017-08-11
    plugin id102376
    published2017-08-11
    reporterThis script is Copyright (C) 2017-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/102376
    titleFedora 24 : mingw-librsvg2 (2017-0b8c45ebf7)
  • NASL familySuSE Local Security Checks
    NASL idOPENSUSE-2017-915.NASL
    descriptionThis update librsvg to version 2.40.18 fixes the following issues : Security issue fixed : - CVE-2017-11464: A SIGFPE is raised in the function box_blur_line of rsvg-filter.c. (bsc#1049607) This update was imported from the SUSE:SLE-12-SP2:Update update project.
    last seen2020-06-05
    modified2017-08-14
    plugin id102469
    published2017-08-14
    reporterThis script is Copyright (C) 2017-2020 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/102469
    titleopenSUSE Security Update : librsvg (openSUSE-2017-915)