CVE-2011-3146

Common Vulnerabilities and Exposures

Upstream information

CVE-2011-3146 at MITRE

Description

librsvg before 2.34.1 uses the node name to identify the type of node, which allows context-dependent attackers to cause a denial of service (NULL pointer dereference) and possibly execute arbitrary code via a SVG file with a node with the element name starting with "fe," which is misidentified as a RsvgFilterPrimitive.

NVD CVSS v2 Base Score: 6.8 (AV:N/AC:M/Au:N/C:P/I:P/A:P)

Novell/SUSE information

Novell Bugzilla entry: 714980

SUSE Security Advisories:

openSUSE-SU-2011:1090-1, published Wed, 5 Oct 2011 17:08:15 +0200 (CEST)

List of released packages

Product(s)	Fixed package version(s)	References
openSUSE 11.3	`librsvg-debuginfo >= 2.26.3-2.3.1` `librsvg-debuginfo-32bit >= 2.26.3-2.3.1` `librsvg-debugsource >= 2.26.3-2.3.1` `rsvg-view-debuginfo >= 2.26.3-2.3.1`
openSUSE 11.3	`librsvg >= 2.26.3-2.3.1` `librsvg-32bit >= 2.26.3-2.3.1` `librsvg-devel >= 2.26.3-2.3.1` `rsvg-view >= 2.26.3-2.3.1`
openSUSE 11.4 DEBUGINFO	`gdk-pixbuf-loader-rsvg-debuginfo >= 2.32.1-3.4.1` `gdk-pixbuf-loader-rsvg-debuginfo-32bit >= 2.32.1-3.4.1` `gtk2-engine-svg-debuginfo >= 2.32.1-3.4.1` `gtk2-engine-svg-debuginfo-32bit >= 2.32.1-3.4.1` `librsvg-2-2-debuginfo >= 2.32.1-3.4.1` `librsvg-2-2-debuginfo-32bit >= 2.32.1-3.4.1` `librsvg-debugsource >= 2.32.1-3.4.1` `rsvg-view-debuginfo >= 2.32.1-3.4.1`
openSUSE 11.4	`gdk-pixbuf-loader-rsvg >= 2.32.1-3.4.1` `gdk-pixbuf-loader-rsvg-32bit >= 2.32.1-3.4.1` `gtk2-engine-svg >= 2.32.1-3.4.1` `gtk2-engine-svg-32bit >= 2.32.1-3.4.1` `librsvg-2-2 >= 2.32.1-3.4.1` `librsvg-2-2-32bit >= 2.32.1-3.4.1` `librsvg-devel >= 2.32.1-3.4.1` `rsvg-view >= 2.32.1-3.4.1`
SLE 11 SP1 DEBUGINFO	`librsvg-debuginfo >= 2.26.0-2.3.1` `librsvg-debugsource >= 2.26.0-2.3.1`	Builds SAT Patch Nr: 5166
SLE 11 SP1 DEBUGINFO	`librsvg-debuginfo >= 2.26.0-2.3.1` `librsvg-debuginfo-x86 >= 2.26.0-2.3.1` `librsvg-debugsource >= 2.26.0-2.3.1`	Builds SAT Patch Nr: 5166
SLE 11 SP1 DEBUGINFO	`librsvg-debuginfo >= 2.26.0-2.3.1` `librsvg-debuginfo-32bit >= 2.26.0-2.3.1` `librsvg-debugsource >= 2.26.0-2.3.1`	Builds SAT Patch Nr: 5166
SUSE Linux Enterprise Software Development Kit 11 SP1	`librsvg-devel >= 2.26.0-2.3.1`	Builds SAT Patch Nr: 5166
SUSE Linux Enterprise Desktop 11 SP1 SUSE Linux Enterprise Server 11 SP1 SUSE Linux Enterprise Server 11 SP1 for VMware	`librsvg >= 2.26.0-2.3.1` `rsvg-view >= 2.26.0-2.3.1`	Builds SAT Patch Nr: 5166
SUSE Linux Enterprise Server 11 SP1	`librsvg >= 2.26.0-2.3.1` `librsvg-x86 >= 2.26.0-2.3.1` `rsvg-view >= 2.26.0-2.3.1`	Builds SAT Patch Nr: 5166
SUSE Linux Enterprise Desktop 11 SP1 SUSE Linux Enterprise Server 11 SP1 SUSE Linux Enterprise Server 11 SP1 for VMware	`librsvg >= 2.26.0-2.3.1` `librsvg-32bit >= 2.26.0-2.3.1` `rsvg-view >= 2.26.0-2.3.1`	Builds SAT Patch Nr: 5166

Products

Products By Category

Collaboration

Endpoint Management

File & Networking Services

Services & Support

Help Yourself

Let Us Help

Download

IT Consulting

Technical Training

Customer Center

Contribute

Partners

Partner With Novell

PartnerNet

Find a Partner

Developers

Communities

About Novell

How to Buy