Gentoo Websites Logo
Go to: Gentoo Home Documentation Forums Lists Bugs Planet Store Wiki Get Gentoo!

Bug 710978 (CVE-2019-20446)

Summary: <gnome-base/librsvg-2.40.21: Resource exhaustion via crafted SVG file with nested patterns (CVE-2019-20446)
Product: Gentoo Security Reporter: GLSAMaker/CVETool Bot <glsamaker>
Component: VulnerabilitiesAssignee: Gentoo Security <security>
Severity: minor CC: gnome
Priority: Normal Flags: stable-bot: sanity-check+
Version: unspecified   
Hardware: All   
OS: Linux   
Whiteboard: B3 [noglsa cve]
Package list:
Runtime testing required: ---

Description GLSAMaker/CVETool Bot gentoo-dev 2020-02-27 18:19:38 UTC
CVE-2019-20446 (
  ** RESERVED ** This candidate has been reserved by an organization or
  individual that will use it when announcing a new security problem. When the
  candidate has been publicized, the details for this candidate will be
Comment 1 Thomas Deutschmann (RETIRED) gentoo-dev 2020-02-27 18:20:40 UTC
In in GNOME librsvg before 2.46.2, a crafted SVG file with nested patterns can cause denial of service when passed to the library for processing. The attacker constructs pattern elements so that the number of final rendered objects grows exponentially.
Comment 2 Agostino Sarubbo gentoo-dev 2020-02-28 14:12:57 UTC
amd64 stable
Comment 3 Agostino Sarubbo gentoo-dev 2020-02-28 17:51:40 UTC
x86 stable
Comment 4 Rolf Eike Beer archtester 2020-02-29 12:04:08 UTC
sparc stable
Comment 5 Agostino Sarubbo gentoo-dev 2020-03-02 12:34:29 UTC
s390 stable
Comment 6 Agostino Sarubbo gentoo-dev 2020-03-02 12:38:27 UTC
ia64 stable
Comment 7 Agostino Sarubbo gentoo-dev 2020-03-02 12:39:49 UTC
ppc64 stable
Comment 8 Agostino Sarubbo gentoo-dev 2020-03-02 15:23:23 UTC
ppc stable
Comment 9 Sergei Trofimovich (RETIRED) gentoo-dev 2020-03-02 20:22:47 UTC
hppa stable
Comment 10 Agostino Sarubbo gentoo-dev 2020-03-05 12:49:54 UTC
arm stable
Comment 11 Mart Raudsepp gentoo-dev 2020-03-17 08:36:47 UTC
arm64 stable, cleanup done
Comment 12 Thomas Deutschmann (RETIRED) gentoo-dev 2020-03-25 20:10:49 UTC
GLSA Vote: No

Repository is clean, all done!