ID CVE-2011-3146
Summary librsvg before 2.34.1 uses the node name to identify the type of node, which allows context-dependent attackers to cause a denial of service (NULL pointer dereference) and possibly execute arbitrary code via a SVG file with a node with the element name starting with "fe," which is misidentified as a RsvgFilterPrimitive.
References
Vulnerable Configurations
  • GNOME librsvg 2.34.0
    cpe:2.3:a:gnome:librsvg:2.34.0
CVSS
Base: 6.8 (as of 06-09-2012 - 09:31)
Impact:
Exploitability:
Access
VectorComplexityAuthentication
NETWORK MEDIUM NONE
Impact
ConfidentialityIntegrityAvailability
PARTIAL PARTIAL PARTIAL
nessus via4
  • NASL family Fedora Local Security Checks
    NASL id FEDORA_2011-12312.NASL
    description New release of librsvg which fixes CVE-2011-3146. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-02-21
    modified 2018-11-28
    plugin id 56157
    published 2011-09-12
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=56157
    title Fedora 16 : librsvg2-2.34.1-1.fc16 (2011-12312)
  • NASL family SuSE Local Security Checks
    NASL id SUSE_11_LIBRSVG-110920.NASL
    description Specially crafted SVG files could make librsvg dereference a function pointer which potentially allows to execute arbitrary code. (CVE-2011-3146)
    last seen 2019-02-21
    modified 2013-10-25
    plugin id 57119
    published 2011-12-13
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=57119
    title SuSE 11.1 Security Update : librsvg (SAT Patch Number 5166)
  • NASL family SuSE Local Security Checks
    NASL id SUSE_11_4_GDK-PIXBUF-LOADER-RSVG-110920.NASL
    description Specially crafted SVG files could make librsvg dereference a function pointer which potentially allows to execute arbitrary code (CVE-2011-3146).
    last seen 2019-02-21
    modified 2018-11-10
    plugin id 75846
    published 2014-06-13
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=75846
    title openSUSE Security Update : gdk-pixbuf-loader-rsvg (openSUSE-SU-2011:1090-1)
  • NASL family SuSE Local Security Checks
    NASL id SUSE_11_3_GDK-PIXBUF-LOADER-RSVG-110916.NASL
    description Specially crafted SVG files could make librsvg dereference a function pointer which potentially allows to execute arbitrary code (CVE-2011-3146).
    last seen 2019-02-21
    modified 2018-11-10
    plugin id 75509
    published 2014-06-13
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=75509
    title openSUSE Security Update : gdk-pixbuf-loader-rsvg (openSUSE-SU-2011:1090-1)
  • NASL family Solaris Local Security Checks
    NASL id SOLARIS11_LIBRSVG_20120626.NASL
    description The remote Solaris system is missing necessary patches to address security updates : - librsvg before 2.34.1 uses the node name to identify the type of node, which allows context-dependent attackers to cause a denial of service (NULL pointer dereference) and possibly execute arbitrary code via a SVG file with a node with the element name starting with 'fe,' which is misidentified as a RsvgFilterPrimitive. (CVE-2011-3146)
    last seen 2019-02-21
    modified 2018-11-15
    plugin id 80676
    published 2015-01-19
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=80676
    title Oracle Solaris Third-Party Patch Update : librsvg (cve_2011_3146_denial_of)
  • NASL family Fedora Local Security Checks
    NASL id FEDORA_2011-12301.NASL
    description This update fixes CVE-2011-3146. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-02-21
    modified 2018-07-12
    plugin id 56232
    published 2011-09-20
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=56232
    title Fedora 14 : librsvg2-2.32.0-4.fc14 (2011-12301)
  • NASL family Red Hat Local Security Checks
    NASL id REDHAT-RHSA-2011-1289.NASL
    description Updated librsvg2 packages that fix one security issue are now available for Red Hat Enterprise Linux 6. The Red Hat Security Response Team has rated this update as having moderate security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available from the CVE link in the References section. The librsvg2 packages provide an SVG (Scalable Vector Graphics) library based on libart. A flaw was found in the way librsvg2 parsed certain SVG files. An attacker could create a specially crafted SVG file that, when opened, would cause applications that use librsvg2 (such as Eye of GNOME) to crash or, potentially, execute arbitrary code. (CVE-2011-3146) Red Hat would like to thank the Ubuntu Security Team for reporting this issue. The Ubuntu Security Team acknowledges Sauli Pahlman as the original reporter. All librsvg2 users should upgrade to these updated packages, which contain a backported patch to correct this issue. All running applications that use librsvg2 must be restarted for this update to take effect.
    last seen 2019-02-21
    modified 2018-11-26
    plugin id 56188
    published 2011-09-14
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=56188
    title RHEL 6 : librsvg2 (RHSA-2011:1289)
  • NASL family Oracle Linux Local Security Checks
    NASL id ORACLELINUX_ELSA-2011-1289.NASL
    description From Red Hat Security Advisory 2011:1289 : Updated librsvg2 packages that fix one security issue are now available for Red Hat Enterprise Linux 6. The Red Hat Security Response Team has rated this update as having moderate security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available from the CVE link in the References section. The librsvg2 packages provide an SVG (Scalable Vector Graphics) library based on libart. A flaw was found in the way librsvg2 parsed certain SVG files. An attacker could create a specially crafted SVG file that, when opened, would cause applications that use librsvg2 (such as Eye of GNOME) to crash or, potentially, execute arbitrary code. (CVE-2011-3146) Red Hat would like to thank the Ubuntu Security Team for reporting this issue. The Ubuntu Security Team acknowledges Sauli Pahlman as the original reporter. All librsvg2 users should upgrade to these updated packages, which contain a backported patch to correct this issue. All running applications that use librsvg2 must be restarted for this update to take effect.
    last seen 2019-02-21
    modified 2018-07-18
    plugin id 68350
    published 2013-07-12
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=68350
    title Oracle Linux 6 : librsvg2 (ELSA-2011-1289)
  • NASL family Ubuntu Local Security Checks
    NASL id UBUNTU_USN-1206-1.NASL
    description Sauli Pahlman discovered that librsvg did not correctly handle malformed filter names. If a user or automated system were tricked into processing a specially crafted SVG image, a remote attacker could gain user privileges. Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-02-21
    modified 2018-12-01
    plugin id 56194
    published 2011-09-14
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=56194
    title Ubuntu 10.04 LTS / 10.10 / 11.04 : librsvg vulnerability (USN-1206-1)
  • NASL family Fedora Local Security Checks
    NASL id FEDORA_2011-12271.NASL
    description This update fixes CVE-2011-3146. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-02-21
    modified 2018-11-28
    plugin id 56154
    published 2011-09-12
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=56154
    title Fedora 15 : librsvg2-2.34.0-2.fc15 (2011-12271)
  • NASL family Scientific Linux Local Security Checks
    NASL id SL_20110913_LIBRSVG2_ON_SL6_X.NASL
    description The librsvg2 packages provide an SVG (Scalable Vector Graphics) library based on libart. A flaw was found in the way librsvg2 parsed certain SVG files. An attacker could create a specially crafted SVG file that, when opened, would cause applications that use librsvg2 (such as Eye of GNOME) to crash or, potentially, execute arbitrary code. All librsvg2 users should upgrade to these updated packages, which contain a backported patch to correct this issue. All running applications that use librsvg2 must be restarted for this update to take effect.
    last seen 2019-02-21
    modified 2018-12-31
    plugin id 61134
    published 2012-08-01
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=61134
    title Scientific Linux Security Update : librsvg2 on SL6.x i386/x86_64
redhat via4
advisories
bugzilla
id 734936
title CVE-2011-3146 librsvg: object type mismatch leading to invalid pointer dereference
oval
AND
  • OR
    • comment Red Hat Enterprise Linux 6 Client is installed
      oval oval:com.redhat.rhba:tst:20111656001
    • comment Red Hat Enterprise Linux 6 Server is installed
      oval oval:com.redhat.rhba:tst:20111656002
    • comment Red Hat Enterprise Linux 6 Workstation is installed
      oval oval:com.redhat.rhba:tst:20111656003
    • comment Red Hat Enterprise Linux 6 ComputeNode is installed
      oval oval:com.redhat.rhba:tst:20111656004
  • OR
    • AND
      • comment librsvg2 is earlier than 0:2.26.0-5.el6_1.1
        oval oval:com.redhat.rhsa:tst:20111289005
      • comment librsvg2 is signed with Red Hat redhatrelease2 key
        oval oval:com.redhat.rhsa:tst:20111289006
    • AND
      • comment librsvg2-devel is earlier than 0:2.26.0-5.el6_1.1
        oval oval:com.redhat.rhsa:tst:20111289007
      • comment librsvg2-devel is signed with Red Hat redhatrelease2 key
        oval oval:com.redhat.rhsa:tst:20111289008
rhsa
id RHSA-2011:1289
released 2011-09-13
severity Moderate
title RHSA-2011:1289: librsvg2 security update (Moderate)
rpms
  • librsvg2-0:2.26.0-5.el6_1.1
  • librsvg2-devel-0:2.26.0-5.el6_1.1
refmap via4
confirm
fedora
  • FEDORA-2011-12271
  • FEDORA-2011-12301
  • FEDORA-2011-12312
misc
secunia 45877
Last major update 13-09-2012 - 00:00
Published 05-09-2012 - 19:55
Back to Top