{"id":"CVE-2016-6163","details":"The rsvg_pattern_fix_fallback function in rsvg-paint_server.c in librsvg2 2.40.2 allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted svg file.","modified":"2026-03-14T09:21:27.846542Z","published":"2017-02-03T15:59:00.493Z","references":[{"type":"ADVISORY","url":"http://www.openwall.com/lists/oss-security/2016/07/04/3"},{"type":"ADVISORY","url":"http://www.openwall.com/lists/oss-security/2016/07/05/9"},{"type":"FIX","url":"https://bugzilla.redhat.com/show_bug.cgi?id=1353520"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/gnome/librsvg","events":[{"introduced":"0"},{"last_affected":"02cb19835cb52bd84b0b5eaca1b4d6338417d261"}],"database_specific":{"versions":[{"introduced":"0"},{"last_affected":"2.40.2"}]}}],"versions":["2.34.0","2.34.1","2.35.0","2.35.1","2.35.2","2.36.0","2.36.1","2.36.2","2.36.3","2.36.4","2.37.0","2.39.0","2.40.0","2.40.1","2.40.2","GNOME_2_4_BRANCHPOINT","LIBRSVG_0_0_1","LIBRSVG_1_0_0","LIBRSVG_1_0_1","LIBRSVG_1_0_ANCHOR","LIBRSVG_1_1_1","LIBRSVG_1_1_2","LIBRSVG_1_1_3","LIBRSVG_1_1_4","LIBRSVG_1_1_5","LIBRSVG_1_1_6","LIBRSVG_2_0_1","LIBRSVG_2_1_0","LIBRSVG_2_1_1","LIBRSVG_2_1_2","LIBRSVG_2_1_3","LIBRSVG_2_1_4","LIBRSVG_2_1_5","LIBRSVG_2_22_3","LIBRSVG_2_26_2","LIBRSVG_2_26_3","LIBRSVG_2_2_0","LIBRSVG_2_31_0","help","librsvg-2-13-3","librsvg-2-13-90","librsvg-2-13-93","release-2-2-4","release-2-2-5","release-2-3-0","release-2-4-0"],"database_specific":{"source":"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2016-6163.json"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H"}]}