Novell Home

CVE-2011-3146

Common Vulnerabilities and Exposures

[Previous] [Index] [Next]

Upstream information

CVE-2011-3146 at MITRE

Description

librsvg before 2.34.1 uses the node name to identify the type of node, which allows context-dependent attackers to cause a denial of service (NULL pointer dereference) and possibly execute arbitrary code via a SVG file with a node with the element name starting with "fe," which is misidentified as a RsvgFilterPrimitive.

NVD CVSS v2 Base Score: 6.8 (AV:N/AC:M/Au:N/C:P/I:P/A:P)

Novell/SUSE information

Novell Bugzilla entry: 714980

SUSE Security Advisories:

List of released packages

Product(s) Fixed package version(s) References
openSUSE 11.3
  • librsvg-debuginfo >= 2.26.3-2.3.1
  • librsvg-debuginfo-32bit >= 2.26.3-2.3.1
  • librsvg-debugsource >= 2.26.3-2.3.1
  • rsvg-view-debuginfo >= 2.26.3-2.3.1
openSUSE 11.3
  • librsvg >= 2.26.3-2.3.1
  • librsvg-32bit >= 2.26.3-2.3.1
  • librsvg-devel >= 2.26.3-2.3.1
  • rsvg-view >= 2.26.3-2.3.1
openSUSE 11.4 DEBUGINFO
  • gdk-pixbuf-loader-rsvg-debuginfo >= 2.32.1-3.4.1
  • gdk-pixbuf-loader-rsvg-debuginfo-32bit >= 2.32.1-3.4.1
  • gtk2-engine-svg-debuginfo >= 2.32.1-3.4.1
  • gtk2-engine-svg-debuginfo-32bit >= 2.32.1-3.4.1
  • librsvg-2-2-debuginfo >= 2.32.1-3.4.1
  • librsvg-2-2-debuginfo-32bit >= 2.32.1-3.4.1
  • librsvg-debugsource >= 2.32.1-3.4.1
  • rsvg-view-debuginfo >= 2.32.1-3.4.1
openSUSE 11.4
  • gdk-pixbuf-loader-rsvg >= 2.32.1-3.4.1
  • gdk-pixbuf-loader-rsvg-32bit >= 2.32.1-3.4.1
  • gtk2-engine-svg >= 2.32.1-3.4.1
  • gtk2-engine-svg-32bit >= 2.32.1-3.4.1
  • librsvg-2-2 >= 2.32.1-3.4.1
  • librsvg-2-2-32bit >= 2.32.1-3.4.1
  • librsvg-devel >= 2.32.1-3.4.1
  • rsvg-view >= 2.32.1-3.4.1
SLE 11 SP1 DEBUGINFO
  • librsvg-debuginfo >= 2.26.0-2.3.1
  • librsvg-debugsource >= 2.26.0-2.3.1
Builds
SAT Patch Nr: 5166
SLE 11 SP1 DEBUGINFO
  • librsvg-debuginfo >= 2.26.0-2.3.1
  • librsvg-debuginfo-x86 >= 2.26.0-2.3.1
  • librsvg-debugsource >= 2.26.0-2.3.1
Builds
SAT Patch Nr: 5166
SLE 11 SP1 DEBUGINFO
  • librsvg-debuginfo >= 2.26.0-2.3.1
  • librsvg-debuginfo-32bit >= 2.26.0-2.3.1
  • librsvg-debugsource >= 2.26.0-2.3.1
Builds
SAT Patch Nr: 5166
SUSE Linux Enterprise Software Development Kit 11 SP1
  • librsvg-devel >= 2.26.0-2.3.1
Builds
SAT Patch Nr: 5166
SUSE Linux Enterprise Desktop 11 SP1
SUSE Linux Enterprise Server 11 SP1
SUSE Linux Enterprise Server 11 SP1 for VMware
  • librsvg >= 2.26.0-2.3.1
  • rsvg-view >= 2.26.0-2.3.1
Builds
SAT Patch Nr: 5166
SUSE Linux Enterprise Server 11 SP1
  • librsvg >= 2.26.0-2.3.1
  • librsvg-x86 >= 2.26.0-2.3.1
  • rsvg-view >= 2.26.0-2.3.1
Builds
SAT Patch Nr: 5166
SUSE Linux Enterprise Desktop 11 SP1
SUSE Linux Enterprise Server 11 SP1
SUSE Linux Enterprise Server 11 SP1 for VMware
  • librsvg >= 2.26.0-2.3.1
  • librsvg-32bit >= 2.26.0-2.3.1
  • rsvg-view >= 2.26.0-2.3.1
Builds
SAT Patch Nr: 5166

© 2014 Novell