Debian Security Advisory

DLA-477-1 librsvg -- LTS security update

Date Reported:
17 May 2016
Affected Packages:
Security database references:
In Mitre's CVE dictionary: CVE-2015-7558, CVE-2016-4347, CVE-2016-4348.
More information:

(Note CVE-2016-4347 is a duplicate of CVE-2015-7558)

Two DoS in librsvg 2.40.2 parsing SVGs with circular definitions were found (they will produce stack exhaustion) by Gustavo Grieco.

The version in wheezy (2.36.1-2+deb7u1) is also vulnerable.

For Debian 7 Wheezy, these problems have been fixed in version 2.36.1-2+deb7u2.

We recommend that you upgrade your librsvg packages.