CVE-2016-6163

See a problem?
Please try reporting it to the source first.

Source

https://cve.org/CVERecord?id=CVE-2016-6163

Import Source

https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2016-6163.json

JSON Data

https://api.osv.dev/v1/vulns/CVE-2016-6163

Downstream

DEBIAN-CVE-2016-6163

Published

2017-02-03T15:59:00.493Z

Modified

2026-03-14T09:21:27.846542Z

Severity

5.5 (Medium) CVSS_V3 - CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H CVSS Calculator

Summary

[none]

Details

The rsvgpatternfixfallback function in rsvg-paintserver.c in librsvg2 2.40.2 allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted svg file.

References

Affected packages

Git / github.com/gnome/librsvg

Affected ranges

Type

GIT

Repo

https://github.com/gnome/librsvg

Events

Introduced

Last affected

02cb19835cb52bd84b0b5eaca1b4d6338417d261

Database specific

{
    "versions": [
        {
            "introduced": "0"
        },
        {
            "last_affected": "2.40.2"
        }
    ]
}

Affected versions

2.*

2.34.0

2.34.1

2.35.0

2.35.1

2.35.2

2.36.0

2.36.1

2.36.2

2.36.3

2.36.4

2.37.0

2.39.0

2.40.0

2.40.1

2.40.2

Other

GNOME_2_4_BRANCHPOINT

LIBRSVG_0_0_1

LIBRSVG_1_0_0

LIBRSVG_1_0_1

LIBRSVG_1_0_ANCHOR

LIBRSVG_1_1_1

LIBRSVG_1_1_2

LIBRSVG_1_1_3

LIBRSVG_1_1_4

LIBRSVG_1_1_5

LIBRSVG_1_1_6

LIBRSVG_2_0_1

LIBRSVG_2_1_0

LIBRSVG_2_1_1

LIBRSVG_2_1_2

LIBRSVG_2_1_3

LIBRSVG_2_1_4

LIBRSVG_2_1_5

LIBRSVG_2_22_3

LIBRSVG_2_26_2

LIBRSVG_2_26_3

LIBRSVG_2_2_0

LIBRSVG_2_31_0

help

librsvg-2-13-3

librsvg-2-13-90

librsvg-2-13-93

release-2-2-4

release-2-2-5

release-2-3-0

release-2-4-0

Database specific

source

"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2016-6163.json"