382403 – (CVE-2011-3146) <gnome-base/librsvg-2.34.1: Node Type Handling Vulnerability (CVE-2011-3146)

Bug 382403 (CVE-2011-3146) - <gnome-base/librsvg-2.34.1: Node Type Handling Vulnerability (CVE-2011-3146)

Summary: <gnome-base/librsvg-2.34.1: Node Type Handling Vulnerability (CVE-2011-3146)

Status:	RESOLVED FIXED

Alias:	CVE-2011-3146

Product:	Gentoo Security
Classification:	Unclassified
Component:	Vulnerabilities (show other bugs)
Hardware:	All Linux

Importance:	Normal minor (vote)
Assignee:	Gentoo Security

URL:	https://secunia.com/advisories/45877/
Whiteboard:	B3 [noglsa]
Keywords:

Depends on:
Blocks:

Reported:	2011-09-09 14:46 UTC by Agostino Sarubbo
Modified:	2012-09-08 15:27 UTC (History)
CC List:	1 user (show)

See Also:
Package list:
Runtime testing required:	---

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.

Description Agostino Sarubbo gentoo-dev

2011-09-09 14:46:27 UTC

From secunia security advisor at $URL:

Description:
The vulnerability is caused due to an error within the handling of node types, which can be exploited to dereference invalid memory via specially crafted SVG images.

Solution:
Update to version 2.34.1.

Comment 1 Pacho Ramos gentoo-dev

2011-09-09 20:02:52 UTC

+*librsvg-2.34.1-r1 (09 Sep 2011)
+*librsvg-2.34.1 (09 Sep 2011)
+
+  09 Sep 2011; Pacho Ramos <pacho@gentoo.org> -librsvg-2.34.0-r1.ebuild,
+  +librsvg-2.34.1.ebuild, +librsvg-2.34.1-r1.ebuild:
+  Version bump, remove old.
+

-> 2.34.1 is the candidate to stabilize as it doesn't need gtk3 yet

Comment 2 Tim Sammut (RETIRED) gentoo-dev

2011-09-09 21:39:45 UTC

Thanks, Pacho.

Arches, please test and mark stable:
=gnome-base/librsvg-2.34.1
Target keywords : "alpha amd64 arm hppa ia64 ppc ppc64 sh sparc x86"

Comment 3 Jeff (JD) Horelick (RETIRED) gentoo-dev

2011-09-09 22:32:09 UTC

Archtested on x86: Everything fine

Comment 4 Agostino Sarubbo gentoo-dev

2011-09-10 09:56:55 UTC

amd64 ok

Comment 5 Jeroen Roovers (RETIRED) gentoo-dev

2011-09-12 11:51:13 UTC

Stable for HPPA.

Comment 6 Markus Meier gentoo-dev

2011-09-12 21:08:26 UTC

amd64/arm/x86 stable, thanks JD and Agostino

Comment 7 Raúl Porcel (RETIRED) gentoo-dev

2011-09-18 14:06:58 UTC

alpha/ia64/sh/sparc stable

Comment 8 Kacper Kowalik (Xarthisius) (RETIRED) gentoo-dev

2011-09-27 18:16:52 UTC

ppc/ppc64 stable, last arch done

Comment 9 Tim Sammut (RETIRED) gentoo-dev

2011-09-27 18:59:54 UTC

Thanks, everyone. GLSA Vote: no (assuming this really isn't exploitable for anything other than a DoS).

Comment 10 Stefan Behte (RETIRED) gentoo-dev

2011-10-08 21:04:20 UTC

Vote: NO. Closing noglsa.

Comment 11 GLSAMaker/CVETool Bot gentoo-dev

2012-09-08 15:27:48 UTC

CVE-2011-3146 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3146):
  librsvg before 2.34.1 uses the node name to identify the type of node, which
  allows context-dependent attackers to cause a denial of service (NULL
  pointer dereference) and possibly execute arbitrary code via a SVG file with
  a node with the element name starting with "fe," which is misidentified as a
  RsvgFilterPrimitive.