CVE-2017-11464 - A SIGFPE is raised in the function box_blur_line of rsvg-filter.c in GNOME librsvg 2.40.17 during an

CVE-2017-11464

Summary

A SIGFPE is raised in the function box_blur_line of rsvg-filter.c in GNOME librsvg 2.40.17 during an attempted parse of a crafted SVG file, because of incorrect protection against division by zero.

References

Vulnerable Configurations

cpe:2.3:a:gnome:librsvg:2.40.17:*:*:*:*:*:*:*
cpe:2.3:a:gnome:librsvg:2.40.17:*:*:*:*:*:*:*

CVSS

Base:	6.8 (as of 28-07-2020 - 22:15)
Impact:
Exploitability:

CWE

CWE-369

CAPEC

Access

Vector	Complexity	Authentication
NETWORK	MEDIUM	NONE

Impact

Confidentiality	Integrity	Availability
PARTIAL	PARTIAL	PARTIAL

cvss-vector via4

AV:N/AC:M/Au:N/C:P/I:P/A:P

refmap via4

bid	99956
confirm	https://bugzilla.gnome.org/show_bug.cgi?id=783835 https://git.gnome.org/browse/librsvg/commit/?id=ecf9267a24b2c3c0cd211dbdfa9ef2232511972a https://github.com/GNOME/librsvg/commit/ecf9267a24b2c3c0cd211dbdfa9ef2232511972a
mlist	[debian-lts-announce] 20200722 [SECURITY] [DLA 2285-1] librsvg security update
ubuntu	USN-4436-1

Last major update

28-07-2020 - 22:15

Published

19-07-2017 - 21:29

Last modified

28-07-2020 - 22:15