Advisories ยป MGASA-2015-0100

Updated librsvg packages fix security vulnerabilities

Publication date: 08 Mar 2015
Type: security
Affected Mageia releases : 4


Atte Kettunen's fuzz testing found several vulnerabilities in librsvg:
- Invalid memory access caused by incorrect handling of a pattern paint
  server with an xlink:href to a unexpected type (bgo#744299)
- Infinite loop in the handling of gradients (bgo#738169)
- Heap-buffer-overflow when there's a missing point in a point-list
- Out of bounds memory access when clipping (bgo#703102)
- Integer overflow in the convolution matrix filter code (commit 53c50c)
- Fix double g_free() when processing stroke-dasharray (bgo#744688)