Vulnerabilities > Gnome > Librsvg > High

DATE CVE VULNERABILITY TITLE RISK
2018-02-09 CVE-2018-1000041 GNOME librsvg version before commit c6ddf2ed4d768fd88adbea2b63f575cd523022ea contains a Improper input validation vulnerability in rsvg-io.c that can result in the victim's Windows username and NTLM password hash being leaked to remote attackers through SMB.
network
low complexity
gnome debian
8.8
2017-07-19 CVE-2017-11464 Divide By Zero vulnerability in Gnome Librsvg 2.40.17
A SIGFPE is raised in the function box_blur_line of rsvg-filter.c in GNOME librsvg 2.40.17 during an attempted parse of a crafted SVG file, because of incorrect protection against division by zero.
local
low complexity
gnome CWE-369
7.8
2016-05-20 CVE-2016-4348 Improper Input Validation vulnerability in multiple products
The _rsvg_css_normalize_font_size function in librsvg 2.40.2 allows context-dependent attackers to cause a denial of service (stack consumption and application crash) via circular definitions in an SVG document.
network
low complexity
gnome debian opensuse CWE-20
7.5
2016-05-20 CVE-2015-7558 Improper Input Validation vulnerability in multiple products
librsvg before 2.40.12 allows context-dependent attackers to cause a denial of service (infinite loop, stack consumption, and application crash) via cyclic references in an SVG document.
network
low complexity
debian gnome CWE-20
7.5
2016-05-20 CVE-2015-7557 Improper Input Validation vulnerability in Gnome Librsvg
The _rsvg_node_poly_build_path function in rsvg-shapes.c in librsvg before 2.40.7 allows context-dependent attackers to cause a denial of service (out-of-bounds heap read) via an odd number of elements in a coordinate pair in an SVG document.
network
low complexity
gnome CWE-20
7.5