CVE-2018-25305 · EXPLOITED · CVSS 6.2
the gnome project · librsvg

librsvg2-bin 2.40.13 Buffer Overflow via Malformed SVG

Description

librsvg2-bin 2.40.13 contains a buffer overflow vulnerability that allows local attackers to cause a denial of service by processing malformed SVG files. Attackers can supply crafted SVG input to the rsvg conversion tool to trigger a segmentation fault in the cairo image compositor.

Affected Products

Vendor | Product | Versions
the gnome project | librsvg | 2.40.13

References

  • https://www.exploit-db.com/exploits/44491 (exploit)
  • https://www.vulncheck.com/advisories/librsvg2-bin-buffer-overflow-via-malformed-svg (third-party-advisory)

Related News (1 article)

Tier C
VulDB · 62d ago
CVE-2018-25305 | xenial librsvg2-bin 2.40.13 SVG File buffer overflow (Exploit 44491 / EDB-44491)
→ No new info (linked only)

CVSS 3.1: 6.2 NONE
CISA KEV: No
Actively exploited: Yes
CWE: CWE-120
Published: Apr 29, 2026
Last enriched: 62d ago (v2)
Trending Score: 0
Source articles: 1
Independent: 1
Info Completeness: 9/14
Missing: epss, kev, patch, iocs, mitre_attack

Related CVEs (5)

CRITICAL · CVE-2026-58011 · EXP
Glib: out-of-bounds read in glib/gdatetime.c:g_date_time_get_ymd via invalid gdatetime
Trending: 78

CRITICAL · CVE-2026-58012 · EXP
Glib: buffer over-read in g_regex_replace() via glib/gregex.c:string_append() and g_utf8_next_char()
Trending: 70

HIGH · CVE-2026-58016 · EXP
Glib: integer underflow in gio/gdbusintrospection.c via "g_dbus_node_info_new_for_xml"
Trending: 67

CRITICAL · CVE-2026-58015 · EXP
Glib: path traversal in glib/gio/gdbusauthmechanismsha1.c via keyring_lookup_entry and mechanism_client_data_receive
Trending: 60

NONE · CVE-2026-6324 · EXP
Libsoup: libsoup: http request smuggling via unsigned to signed conversion error
Trending: 1

Verification

State: unverified
Confidence: 0%

Vulnerability Timeline

CVE Published · Apr 29, 2026
Discovered by ZDM · Apr 29, 2026
Updated: severity, exploitAvailable, activelyExploited · Apr 30, 2026
Actively Exploited · May 28, 2026
Exploit Available · May 28, 2026

Version History

v2
Last enriched 62d ago
v2 · Tier C · 62d ago

Updated severity to CRITICAL and marked exploit as available and actively exploited.

severity, exploitAvailable, activelyExploited
via VulDB

v1 · 62d ago

Initial creation