Description
librsvg2-bin 2.40.13 contains a buffer overflow vulnerability that allows local attackers to cause a denial of service by processing malformed SVG files. Attackers can supply crafted SVG input to the rsvg conversion tool to trigger a segmentation fault in the cairo image compositor.
Published: 2026-04-29
Score: 6.9 Medium
EPSS: < 1% Very Low
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

librsvg2-bin 2.40.13 contains a local buffer overflow that causes a segmentation fault when processing specially crafted SVG files. The overflow occurs in the cairo image compositor during SVG conversion, leading to a denial of service for the user running the rsvg command. The vulnerability is a classic stack-based buffer overflow (CWE‑120).

Affected Systems

The affected software is librsvg2-bin version 2.40.13, part of the RSVG image library stack on Linux distributions. Systems that run this binary and allow local users to invoke the rsvg conversion tool are susceptible.

Risk and Exploitability

The CVSS score of 6.9 indicates moderate severity. No EPSS data is available, and the vulnerability is not documented in the CISA KEV catalog. Attackers would need local access to the system to supply the crafted SVG file; no remote attack vector is described. The risk could be mitigated by ensuring only trusted users have permission to execute the rsvg command and by updating to a version where the buffer overflow has been fixed.

Generated by OpenCVE AI on April 30, 2026 at 13:58 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Upgrade librsvg2-bin to the latest available version that contains the fix for this overflow.
  • Restrict execution of the rsvg conversion tool to trusted users and validate or sanitize SVG input before processing.
  • Run SVG conversions inside a restricted sandbox or container to limit the impact of a potential crash.

Generated by OpenCVE AI on April 30, 2026 at 13:58 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

History

Thu, 30 Apr 2026 14:15:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'poc', 'Technical Impact': 'partial'}, 'version': '2.0.3'}


Thu, 30 Apr 2026 08:45:00 +0000

Type Values Removed Values Added
First Time appeared Xenial
Xenial rsvg
Vendors & Products Xenial
Xenial rsvg

Wed, 29 Apr 2026 20:00:00 +0000

Type Values Removed Values Added
Description librsvg2-bin 2.40.13 contains a buffer overflow vulnerability that allows local attackers to cause a denial of service by processing malformed SVG files. Attackers can supply crafted SVG input to the rsvg conversion tool to trigger a segmentation fault in the cairo image compositor.
Title librsvg2-bin 2.40.13 Buffer Overflow via Malformed SVG
Weaknesses CWE-120
References
Metrics cvssV3_1

{'score': 6.2, 'vector': 'CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H'}

cvssV4_0

{'score': 6.9, 'vector': 'CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N'}


cve-icon MITRE

Status: PUBLISHED

Assigner: VulnCheck

Published:

Updated: 2026-05-28T14:51:13.052Z

Reserved: 2026-04-29T12:08:56.577Z

Link: CVE-2018-25305

cve-icon Vulnrichment

Updated: 2026-04-30T14:06:19.747Z

cve-icon NVD

Status : Awaiting Analysis

Published: 2026-04-29T20:16:25.903

Modified: 2026-06-17T01:55:11.800

Link: CVE-2018-25305

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-04-30T14:00:22Z

Weaknesses
  • CWE-120

    Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')