← Back to CVEs
CVE-2011-3146
N/ADescription
librsvg before 2.34.1 uses the node name to identify the type of node, which allows context-dependent attackers to cause a denial of service (NULL pointer dereference) and possibly execute arbitrary code via a SVG file with a node with the element name starting with "fe," which is misidentified as a RsvgFilterPrimitive.
CVE Details
CVSS v3.1 ScoreN/A
Published9/5/2012
Last Modified4/11/2025
Sourcenvd
Honeypot Sightings0
Affected Products
gnome:librsvg
References
http://git.gnome.org/browse/librsvg/commit/?id=34c95743ca692ea0e44778e41a7c0a129363de84(cve@mitre.org)
http://rhn.redhat.com/errata/RHSA-2011-1289.html(cve@mitre.org)
http://secunia.com/advisories/45877(cve@mitre.org)
https://bugzilla.gnome.org/show_bug.cgi?id=658014(cve@mitre.org)
https://bugzilla.redhat.com/show_bug.cgi?id=734936(cve@mitre.org)
http://ftp.gnome.org/pub/GNOME/sources/librsvg/2.34/librsvg-2.34.1.news(af854a3a-2127-422b-91ae-364da2661108)
http://git.gnome.org/browse/librsvg/commit/?id=34c95743ca692ea0e44778e41a7c0a129363de84(af854a3a-2127-422b-91ae-364da2661108)
http://lists.fedoraproject.org/pipermail/package-announce/2011-September/065730.html(af854a3a-2127-422b-91ae-364da2661108)
http://lists.fedoraproject.org/pipermail/package-announce/2011-September/065739.html(af854a3a-2127-422b-91ae-364da2661108)
http://lists.fedoraproject.org/pipermail/package-announce/2011-September/066127.html(af854a3a-2127-422b-91ae-364da2661108)
http://rhn.redhat.com/errata/RHSA-2011-1289.html(af854a3a-2127-422b-91ae-364da2661108)
http://secunia.com/advisories/45877(af854a3a-2127-422b-91ae-364da2661108)
https://bugs.launchpad.net/ubuntu/+source/librsvg/+bug/825497(af854a3a-2127-422b-91ae-364da2661108)
https://bugzilla.gnome.org/show_bug.cgi?id=658014(af854a3a-2127-422b-91ae-364da2661108)
https://bugzilla.redhat.com/show_bug.cgi?id=734936(af854a3a-2127-422b-91ae-364da2661108)
IOC Correlations
No correlations recorded
This product uses data from the NVD API but is not endorsed or certified by the NVD.