Denial of Service Vulnerability in librsvg 2.40.2 via Circular Definitions in SVG Document

Denial of Service Vulnerability in librsvg 2.40.2 via Circular Definitions in SVG Document

CVE-2016-4348 · MEDIUM Severity

AV:N/AC:L/AU:N/C:N/I:N/A:P

The _rsvg_css_normalize_font_size function in librsvg 2.40.2 allows context-dependent attackers to cause a denial of service (stack consumption and application crash) via circular definitions in an SVG document.

Learn more about our Web Application Penetration Testing UK.