CVE-2018-25305

librsvg2-bin 2.40.13 Buffer Overflow via Malformed SVG

CVSS 6.9 MEDIUMEPSS 0.1%CWE-120

librsvg2-bin 2.40.13 contains a buffer overflow vulnerability that allows local attackers to cause a denial of service by processing malformed SVG files. Attackers can supply crafted SVG input to the rsvg conversion tool to trigger a segmentation fault in the cairo image compositor.

CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N

Affected products

LibRsvg · librsvg2-bin

public PoCs found — 1

cve_referencewww.exploit-db.com/exploits/44491unverified

⚠ Public resources, to assess the exposure of systems you control or are authorized to test. Test only with authorization.

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →

References

https://www.exploit-db.com/exploits/44491 https://www.vulncheck.com/advisories/librsvg2-bin-buffer-overflow-via-malformed-svg