Nixpkgs security tracker

Login with GitHub

Suggestions search

All statuses
Filter by:
With package: librsvg

Found 1 matching suggestions

View:
Compact
Detailed
Dismissed
Permalink CVE-2018-25305
6.2 MEDIUM
  • CVSS version: 3.1
  • Attack vector (AV): LOCAL
  • Attack complexity (AC): LOW
  • Privileges required (PR): NONE
  • User interaction (UI): NONE
  • Scope (S): UNCHANGED
  • Confidentiality impact (C): NONE
  • Integrity impact (I): NONE
  • Availability impact (A): HIGH
updated 6 days ago by @LeSuisse Activity log
  • Created suggestion 6 days, 5 hours ago
  • @LeSuisse ignored
    4 packages
    • sbclPackages.cl-rsvg2
    • haskellPackages.gi-rsvg
    • ocamlPackages.lablgtk3-rsvg2
    • ocamlPackages_latest.lablgtk3-rsvg2
    6 days ago
  • @LeSuisse dismissed 6 days ago
librsvg2-bin 2.40.13 Buffer Overflow via Malformed SVG

librsvg2-bin 2.40.13 contains a buffer overflow vulnerability that allows local attackers to cause a denial of service by processing malformed SVG files. Attackers can supply crafted SVG input to the rsvg conversion tool to trigger a segmentation fault in the cairo image compositor.

Affected products

RSVG
  • ==2.40.13

Matching in nixpkgs

Ignored packages (4)

Package maintainers

Current stable branch was never impacted.