#VU24817 Division by zero in librsvg - CVE-2017-11464

Cybersecurity Help s.r.o.

Published: 2020-02-01

Vulnerability identifier: #VU24817

Vulnerability risk: Low

CVSSv4.0: 1.2 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2017-11464

CWE-ID: CWE-369

Exploitation vector: Network

Exploit availability: No

Vulnerable software:
librsvg
Universal components / Libraries / Libraries used by multiple products

Vendor: Gnome Development Team

Description

The vulnerability allows a remote attacker to perform a denial of service attack.

The vulnerability exists due to a division by zero error within the box_blur_line() function in rsvg-filter.c. A remote attacker can pass specially crafted SVG file to the application and crash it.

Mitigation
Install update from vendor's website.

Vulnerable software versions

librsvg: 2.40.17

External links
https://www.securityfocus.com/bid/99956
https://bugzilla.gnome.org/show_bug.cgi?id=783835
https://git.gnome.org/browse/librsvg/commit/?id=ecf9267a24b2c3c0cd211dbdfa9ef2232511972a
https://github.com/GNOME/librsvg/commit/ecf9267a24b2c3c0cd211dbdfa9ef2232511972a

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

Latest bulletins with this vulnerability

Ubuntu update for librsvg

Fedora 25 update for mingw-librsvg2

Fedora 26 update for mingw-librsvg2

Fedora 24 update for mingw-librsvg2

Fedora 25 update for librsvg2

Fedora 24 update for librsvg2

Fedora 26 update for librsvg2

Denial of service in librsvg