Multiple Vendors Unspecified SVG File Processing Denial of Service Vulnerability

Bugtraq ID:	30149
Class:	Unknown
CVE:
Remote:	Yes
Local:	No
Published:	Jul 08 2008 12:00AM
Updated:	Jul 10 2008 07:49PM
Credit:	Kristian Hermansen
Vulnerable:	Mozilla Firefox 3.0 GNOME Eye of GNOME 2.22.3 GNOME Evince 2.23 GIMP GIMP 2.4.6
Not Vulnerable:

Multiple Vendors Unspecified SVG File Processing Denial of Service Vulnerability

Multiple vendors' SVG implementations are prone to an unspecified denial-of-service vulnerability.

This issue arises when the software handles maliciously crafted SVG images.

According to reports, the latest versions of Firefox, Evince, EoG, and GIMP are vulnerable.

Multiple Vendors Unspecified SVG File Processing Denial of Service Vulnerability

The following proof-of-concept image is available. This may crash the software affected by this vulnerability. Symantec has neither confirmed nor tested this proof of concept.

• /data/vulnerabilities/exploits/30149.svg

Multiple Vendors Unspecified SVG File Processing Denial of Service Vulnerability

Solution:
Currently we are not aware of any vendor-supplied patches. If you feel we are in error or if you are aware of more recent information, please mail us at: [email protected].

Multiple Vendors Unspecified SVG File Processing Denial of Service Vulnerability

References:

• Evince Homepage (GNOME)
  
• Eye of GNOME Homepage (GNOME)
  
• GIMP Homepage (GIMP)
  
• Mozilla Homepage (Mozilla Foundation)