Debian Security Advisory
DLA-477-1 librsvg -- LTS security update
- Date Reported:
- 17 May 2016
- Affected Packages:
- Security database references:
- In Mitre's CVE dictionary: CVE-2015-7558, CVE-2016-4347, CVE-2016-4348.
- More information:
Two DoS in librsvg 2.40.2 parsing SVGs with circular definitions were found (they will produce stack exhaustion) by Gustavo Grieco.
The version in wheezy (2.36.1-2+deb7u1) is also vulnerable.
For Debian 7
Wheezy, these problems have been fixed in version 2.36.1-2+deb7u2.
We recommend that you upgrade your librsvg packages.