CVE-2011-3146
EPSS 3.4%
Description
librsvg before 2.34.1 uses the node name to identify the type of node, which allows context-dependent attackers to cause a denial of service (NULL pointer dereference) and possibly execute arbitrary code via a SVG file with a node with the element name starting with "fe," which is misidentified as a RsvgFilterPrimitive.
How to fix CVE-2011-3146
To remediate CVE-2011-3146, upgrade the affected package to a fixed version below.
- Debian/librsvg—upgrade to 2.34.1-1 or later
Is CVE-2011-3146 being exploited?
Low — EPSS is 3.4%, meaning exploitation activity has not been observed at scale.
Affected packages (1)
- from 0, < 2.34.1-1