MGASA-2015-0100

Source
https://advisories.mageia.org/MGASA-2015-0100.html
Import Source
https://advisories.mageia.org/MGASA-2015-0100.json
JSON Data
https://api.osv.dev/v1/vulns/MGASA-2015-0100
Published
2015-03-08T20:47:43Z
Modified
2026-04-16T04:28:40.997098Z
Summary
Updated librsvg packages fix security vulnerabilities
Details

Atte Kettunen's fuzz testing found several vulnerabilities in librsvg: - Invalid memory access caused by incorrect handling of a pattern paint server with an xlink:href to a unexpected type (bgo#744299) - Infinite loop in the handling of gradients (bgo#738169) - Heap-buffer-overflow when there's a missing point in a point-list (bgo#738050) - Out of bounds memory access when clipping (bgo#703102) - Integer overflow in the convolution matrix filter code (commit 53c50c) - Fix double g_free() when processing stroke-dasharray (bgo#744688)

References
Credits

Affected packages

Mageia:4 / librsvg

Package

Name
librsvg
Purl
pkg:rpm/mageia/librsvg?arch=source&distro=mageia-4

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
2.39.0-1.2.mga4

Ecosystem specific

{
    "section": "core"
}

Database specific

source
"https://advisories.mageia.org/MGASA-2015-0100.json"