Home page logo

oss-sec logo oss-sec mailing list archives

CVE request: Inkscape fixes a XXE vulnerability during rasterization of SVG images
From: Nicolas Grégoire <nicolas.gregoire () agarri fr>
Date: Mon, 17 Dec 2012 21:27:39 +0100

Inkscape is vulnerable to XXE attacks during rasterization/export of SVG
images: https://bugs.launchpad.net/inkscape/+bug/1025185

 The impact of this vulnerability range form denial of service to file
disclosure. Under Windows, it can also be used to steal LM/NTLM hashes.

 During rasterization, entities declared in the DTD are dereferenced and
the content of the target file is included in the output. Command-line
used: "inkscape -e xxe-inkscape.png xxe.svg" (PoC files are attached to
the ticket)

 CWE-827: Improper Control of Document Type Definition

Nicolas Grégoire

  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]