Divide By Zero in librsvg

Do your applications use this vulnerable package? Test your applications

Overview

A SIGFPE is raised in the function box_blur_line of rsvg-filter.c in GNOME librsvg 2.40.17 during an attempted parse of a crafted SVG file, because of incorrect protection against division by zero.

References

Debian Security Tracker
GitHub Commit
MLIST
Security Focus
UBUNTU
Ubuntu CVE Tracker
https://bugzilla.gnome.org/show_bug.cgi?id=783835
https://git.gnome.org/browse/librsvg/commit/?id=ecf9267a24b2c3c0cd211dbdfa9ef2232511972a

Attack Vector

Local
Attack Complexity

Low
Privileges Required

None
User Interaction

Required
Scope

Unchanged
Confidentiality

High
Integrity

High
Availability

High

CVE: CVE-2017-11464
CWE: CWE-369
Snyk ID: SNYK-DEBIAN9-LIBRSVG-311716
Disclosed: 19 Jul, 2017
Published: 19 Jul, 2017

Divide By Zero
Affecting librsvg package, versions <2.40.21-0+deb9u1

Overview

References

CVSS Score

Divide By Zero Affecting librsvg package, versions <2.40.21-0+deb9u1

Overview

References

Divide By Zero
Affecting librsvg package, versions <2.40.21-0+deb9u1