CVE-2015-7557

HIGH7.5EPSS 0.52%

librsvg - security update

發布日:2016/5/20修改日:2026/4/28

也稱為:DEBIAN-CVE-2015-7557

描述

The _rsvg_node_poly_build_path function in rsvg-shapes.c in librsvg before 2.40.7 allows context-dependent attackers to cause a denial of service (out-of-bounds heap read) via an odd number of elements in a coordinate pair in an SVG document.

受影響套件(2)

Debian/librsvgfrom 0, < 2.40.9-2
Debian/librsvgfrom 0, < 2.26.3-1+deb6u3

CVSS 分數

來源	版本	嚴重程度	向量
osv	CVSS 3.1	HIGH7.5	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

參考連結(1)

ADVISORYhttps://security-tracker.debian.org/tracker/CVE-2015-7557