GNOME Librsvg
By the Year
In 2026 there have been 0 vulnerabilities in GNOME Librsvg. Librsvg did not have any published security vulnerabilities last year.
| Year | Vulnerabilities | Average Score |
|---|---|---|
| 2026 | 0 | 0.00 |
| 2025 | 0 | 0.00 |
| 2024 | 0 | 0.00 |
| 2023 | 1 | 5.50 |
| 2022 | 0 | 0.00 |
| 2021 | 0 | 0.00 |
| 2020 | 1 | 0.00 |
| 2019 | 0 | 0.00 |
| 2018 | 1 | 8.80 |
It may take a day or so for new Librsvg vulnerabilities to show up in the stats or in the list of recent security vulnerabilities. Additionally, vulnerabilities may be tagged under a different product or component name.
Recent GNOME Librsvg Security Vulnerabilities
Directory Traversal in librsvg URL Decoder before 2.56.3
CVE-2023-38633
5.5 - Medium
- July 22, 2023
A directory traversal problem in the URL decoder of librsvg before 2.56.3 could be used by local or remote attackers to disclose files (on the local filesystem outside of the expected area), as demonstrated by href=".?../../../../../../../../../../etc/passwd" in an xi:include element.
Directory traversal
In xml.rs in GNOME librsvg before 2.46.2, a crafted SVG file with nested patterns
CVE-2019-20446
- February 02, 2020
In xml.rs in GNOME librsvg before 2.46.2, a crafted SVG file with nested patterns can cause denial of service when passed to the library for processing. The attacker constructs pattern elements so that the number of final rendered objects grows exponentially.
GNOME librsvg before commit c6ddf2ed4d768fd88adbea2b63f575cd523022ea contains an improper input validation vulnerability in rsvg-io.c
CVE-2018-1000041
8.8 - High
- February 09, 2018
GNOME librsvg before commit c6ddf2ed4d768fd88adbea2b63f575cd523022ea contains an improper input validation vulnerability in rsvg-io.c that can result in the victim's Windows username and NTLM password hash being leaked to remote attackers through SMB. This attack appears to be exploitable when the victim processes a specially crafted SVG file containing a UNC path on Windows.
A SIGFPE is raised in the function box_blur_line of rsvg-filter.c in GNOME librsvg 2.40.17 during an attempted parse of a crafted SVG file
CVE-2017-11464
7.8 - High
- July 19, 2017
A SIGFPE is raised in the function box_blur_line of rsvg-filter.c in GNOME librsvg 2.40.17 during an attempted parse of a crafted SVG file, because of incorrect protection against division by zero.
Divide By Zero