{"id":"CVE-2016-4348","details":"The _rsvg_css_normalize_font_size function in librsvg 2.40.2 allows context-dependent attackers to cause a denial of service (stack consumption and application crash) via circular definitions in an SVG document.","modified":"2026-03-19T03:04:47.305270Z","published":"2016-05-20T14:59:06.467Z","references":[{"type":"WEB","url":"http://www.openwall.com/lists/oss-security/2016/04/28/4"},{"type":"WEB","url":"http://www.openwall.com/lists/oss-security/2016/04/28/7"},{"type":"WEB","url":"http://www.openwall.com/lists/oss-security/2016/04/30/3"},{"type":"WEB","url":"http://www.openwall.com/lists/oss-security/2016/05/10/15"},{"type":"ADVISORY","url":"http://lists.opensuse.org/opensuse-updates/2016-05/msg00079.html"},{"type":"ADVISORY","url":"http://www.debian.org/security/2016/dsa-3584"},{"type":"ADVISORY","url":"https://git.gnome.org/browse/librsvg/commit/?id=d1c9191949747f6dcfd207831d15dd4ba00e31f2"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/gnome/librsvg","events":[{"introduced":"0"},{"last_affected":"284513935f4ddfed6aec98c3342eb3c13773140f"}],"database_specific":{"versions":[{"introduced":"0"},{"last_affected":"2.40.1"}]}}],"versions":["2.34.0","2.34.1","2.35.0","2.35.1","2.35.2","2.36.0","2.36.1","2.36.2","2.36.3","2.36.4","2.37.0","2.39.0","2.40.0","2.40.1","GNOME_2_4_BRANCHPOINT","LIBRSVG_0_0_1","LIBRSVG_1_0_0","LIBRSVG_1_0_1","LIBRSVG_1_0_ANCHOR","LIBRSVG_1_1_1","LIBRSVG_1_1_2","LIBRSVG_1_1_3","LIBRSVG_1_1_4","LIBRSVG_1_1_5","LIBRSVG_1_1_6","LIBRSVG_2_0_1","LIBRSVG_2_1_0","LIBRSVG_2_1_1","LIBRSVG_2_1_2","LIBRSVG_2_1_3","LIBRSVG_2_1_4","LIBRSVG_2_1_5","LIBRSVG_2_22_3","LIBRSVG_2_26_2","LIBRSVG_2_26_3","LIBRSVG_2_2_0","LIBRSVG_2_31_0","help","librsvg-2-13-3","librsvg-2-13-90","librsvg-2-13-93","release-2-2-4","release-2-2-5","release-2-3-0","release-2-4-0"],"database_specific":{"unresolved_ranges":[{"events":[{"introduced":"0"},{"last_affected":"8.0"}]},{"events":[{"introduced":"0"},{"last_affected":"42.1"}]},{"events":[{"introduced":"0"},{"last_affected":"13.2"}]}],"source":"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2016-4348.json"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"}]}