Vulnerabilities > Gnome > Librsvg > 2.35.1
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2020-02-02 | CVE-2019-20446 | Resource Exhaustion vulnerability in multiple products In xml.rs in GNOME librsvg before 2.46.2, a crafted SVG file with nested patterns can cause denial of service when passed to the library for processing. | 6.5 |
| 2018-02-09 | CVE-2018-1000041 | GNOME librsvg version before commit c6ddf2ed4d768fd88adbea2b63f575cd523022ea contains a Improper input validation vulnerability in rsvg-io.c that can result in the victim's Windows username and NTLM password hash being leaked to remote attackers through SMB. | 4.3 |
| 2016-05-20 | CVE-2016-4348 | Improper Input Validation vulnerability in multiple products The _rsvg_css_normalize_font_size function in librsvg 2.40.2 allows context-dependent attackers to cause a denial of service (stack consumption and application crash) via circular definitions in an SVG document. | 5.0 |
| 2016-05-20 | CVE-2015-7558 | Improper Input Validation vulnerability in multiple products librsvg before 2.40.12 allows context-dependent attackers to cause a denial of service (infinite loop, stack consumption, and application crash) via cyclic references in an SVG document. | 5.0 |
| 2016-05-20 | CVE-2015-7557 | Improper Input Validation vulnerability in Gnome Librsvg The _rsvg_node_poly_build_path function in rsvg-shapes.c in librsvg before 2.40.7 allows context-dependent attackers to cause a denial of service (out-of-bounds heap read) via an odd number of elements in a coordinate pair in an SVG document. | 5.0 |
| 2013-10-10 | CVE-2013-1881 | Improper Input Validation vulnerability in Gnome Librsvg GNOME libsvg before 2.39.0 allows remote attackers to read arbitrary files via an XML document containing an external entity declaration in conjunction with an entity reference, related to an XML External Entity (XXE) issue. | 4.3 |