Launchpad.net

Launchpad Home
Code
Bugs
Blueprints
Translations
Answers

CVE 2019-20446

In xml.rs in GNOME librsvg before 2.46.2, a crafted SVG file with nested patterns can cause denial of service when passed to the library for processing. The attacker constructs pattern elements so that the number of final rendered objects grows exponentially.

Related bugs and status

CVE-2019-20446 (Candidate) is related to these bugs:

Bug #1889206: Regression in USN-4436-1

		In	Importance	Status
1889206	Regression in USN-4436-1	librsvg (Ubuntu Xenial)	Undecided	Fix Released
1889206	Regression in USN-4436-1	librsvg (Ubuntu Bionic)	Undecided	Fix Released
1889206	Regression in USN-4436-1	librsvg	Unknown	Fix Released

See the

CVE page on Mitre.org for more details.

References

MISC: https://gitlab.gnome.o...
SUSE: openSUSE-SU-2020:0343
FEDORA: FEDORA-2020-f6271d7afa
FEDORA: FEDORA-2020-39e0b8bd14
MLIST: [debian-lts-announce] ...
UBUNTU: USN-4436-1
CONFIRM: https://security.netap...