CVE-2019-20446

See a problem?
Please try reporting it to the source first.

Source

https://nvd.nist.gov/vuln/detail/CVE-2019-20446

Import Source

https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2019-20446.json

JSON Data

https://api.osv.dev/v1/vulns/CVE-2019-20446

Related

Published

2020-02-02T14:15:10Z

Modified

2024-12-05T01:57:28.692739Z

Severity

6.5 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H CVSS Calculator

Summary

[none]

Details

In xml.rs in GNOME librsvg before 2.46.2, a crafted SVG file with nested patterns can cause denial of service when passed to the library for processing. The attacker constructs pattern elements so that the number of final rendered objects grows exponentially.

References

Affected packages

Alpine:v3.10 / librsvg

Package

Name: librsvg
Purl: pkg:apk/alpine/librsvg?arch=source

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

2.40.21-r0

Affected versions

2.*

2.26.0-r0

2.26.0-r1

2.26.2-r0

2.26.2-r1

2.26.3-r0

2.26.3-r1

2.26.3-r2

2.26.3-r3

2.32.0-r0

2.32.1-r0

2.32.1-r1

2.34.0-r0

2.34.0-r1

2.34.1-r0

2.34.2-r0

2.34.2-r1

2.36.1-r0

2.36.3-r0

2.36.4-r0

2.37.0-r0

2.39.0-r0

2.39.0-r1

2.40.0-r1

2.40.1-r1

2.40.2-r0

2.40.5-r0

2.40.6-r0

2.40.9-r0

2.40.9-r1

2.40.11-r0

2.40.12-r0

2.40.13-r0

2.40.15-r0

2.40.16-r0

2.40.16-r1

2.40.16-r2

2.40.17-r0

2.40.19-r0

2.40.20-r0

Alpine:v3.8 / librsvg

Package

Name: librsvg
Purl: pkg:apk/alpine/librsvg?arch=source

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

2.40.21-r0

Affected versions

2.*

2.26.0-r0

2.26.0-r1

2.26.2-r0

2.26.2-r1

2.26.3-r0

2.26.3-r1

2.26.3-r2

2.26.3-r3

2.32.0-r0

2.32.1-r0

2.32.1-r1

2.34.0-r0

2.34.0-r1

2.34.1-r0

2.34.2-r0

2.34.2-r1

2.36.1-r0

2.36.3-r0

2.36.4-r0

2.37.0-r0

2.39.0-r0

2.39.0-r1

2.40.0-r1

2.40.1-r1

2.40.2-r0

2.40.5-r0

2.40.6-r0

2.40.9-r0

2.40.9-r1

2.40.11-r0

2.40.12-r0

2.40.13-r0

2.40.15-r0

2.40.16-r0

2.40.16-r1

2.40.16-r2

2.40.17-r0

2.40.19-r0

2.40.20-r0

Alpine:v3.9 / librsvg

Package

Name: librsvg
Purl: pkg:apk/alpine/librsvg?arch=source

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

2.40.21-r0

Affected versions

2.*

2.26.0-r0

2.26.0-r1

2.26.2-r0

2.26.2-r1

2.26.3-r0

2.26.3-r1

2.26.3-r2

2.26.3-r3

2.32.0-r0

2.32.1-r0

2.32.1-r1

2.34.0-r0

2.34.0-r1

2.34.1-r0

2.34.2-r0

2.34.2-r1

2.36.1-r0

2.36.3-r0

2.36.4-r0

2.37.0-r0

2.39.0-r0

2.39.0-r1

2.40.0-r1

2.40.1-r1

2.40.2-r0

2.40.5-r0

2.40.6-r0

2.40.9-r0

2.40.9-r1

2.40.11-r0

2.40.12-r0

2.40.13-r0

2.40.15-r0

2.40.16-r0

2.40.16-r1

2.40.16-r2

2.40.17-r0

2.40.19-r0

2.40.20-r0

Debian:11 / librsvg

Package

Name: librsvg
Purl: pkg:deb/debian/librsvg?arch=source

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

2.46.4-1

Ecosystem specific

{
    "urgency": "not yet assigned"
}

Debian:12 / librsvg

Package

Name: librsvg
Purl: pkg:deb/debian/librsvg?arch=source

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

2.46.4-1

Ecosystem specific

{
    "urgency": "not yet assigned"
}

Debian:13 / librsvg

Package

Name: librsvg
Purl: pkg:deb/debian/librsvg?arch=source

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

2.46.4-1

Ecosystem specific

{
    "urgency": "not yet assigned"
}

Git / github.com/gnome/librsvg

Affected ranges

Type: GIT
Repo: https://github.com/gnome/librsvg
Events: Introduced

0 Unknown introduced commit / All previous commits are affected

Fixed

13fbcd136977f3e765e22181404aafa59f8d8fb3

Type: GIT
Repo: https://gitlab.gnome.org/GNOME/librsvg
Events: Introduced

2465e1bfc0aab8d03fb4a2c3a6b6cc110fcbde98

Fixed

6c1c962f063f36b6c317e08af5af77a861e789ae

Affected versions

2.*

2.34.0

2.34.1

2.35.0

2.35.1

2.35.2

2.36.0

2.36.1

2.36.2

2.36.3

2.36.4

2.37.0

2.39.0

2.40.0

2.40.1

2.40.10

2.40.11

2.40.12

2.40.13

2.40.14

2.40.15

2.40.16

2.40.17

2.40.18

2.40.19

2.40.2

2.40.20

2.40.3

2.40.4

2.40.5

2.40.6

2.40.7

2.40.8

2.40.9

2.42.0

2.42.1

2.42.2

2.42.3

2.42.4

2.42.5

2.42.6

2.42.7

Other

GNOME_2_4_BRANCHPOINT

LIBRSVG_0_0_1

LIBRSVG_1_0_0

LIBRSVG_1_0_1

LIBRSVG_1_0_ANCHOR

LIBRSVG_1_1_1

LIBRSVG_1_1_2

LIBRSVG_1_1_3

LIBRSVG_1_1_4

LIBRSVG_1_1_5

LIBRSVG_1_1_6

LIBRSVG_2_0_1

LIBRSVG_2_1_0

LIBRSVG_2_1_1

LIBRSVG_2_1_2

LIBRSVG_2_1_3

LIBRSVG_2_1_4

LIBRSVG_2_1_5

LIBRSVG_2_22_3

LIBRSVG_2_26_2

LIBRSVG_2_26_3

LIBRSVG_2_2_0

LIBRSVG_2_31_0

help

librsvg-2-13-3

librsvg-2-13-90

librsvg-2-13-93

release-2-2-4

release-2-2-5

release-2-3-0

release-2-4-0