Home page logo
/

oss-sec logo oss-sec mailing list archives

CVE request: Inkscape fixes a XXE vulnerability during rasterization of SVG images
From: Nicolas Grégoire <nicolas.gregoire () agarri fr>
Date: Mon, 17 Dec 2012 21:27:39 +0100


Inkscape is vulnerable to XXE attacks during rasterization/export of SVG
images: https://bugs.launchpad.net/inkscape/+bug/1025185

Impact:
 The impact of this vulnerability range form denial of service to file
disclosure. Under Windows, it can also be used to steal LM/NTLM hashes.

PoC:
 During rasterization, entities declared in the DTD are dereferenced and
the content of the target file is included in the output. Command-line
used: "inkscape -e xxe-inkscape.png xxe.svg" (PoC files are attached to
the ticket)

References:
 CWE-827: Improper Control of Document Type Definition
 http://cwe.mitre.org/data/definitions/827.html

Regards,
Nicolas Grégoire


  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]
AlienVault