Home page logo
/

oss-sec logo oss-sec mailing list archives

Re: CVE request: Inkscape fixes a XXE vulnerability during rasterization of SVG images
From: Kurt Seifried <kseifried () redhat com>
Date: Tue, 18 Dec 2012 20:44:37 -0700

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

On 12/17/2012 01:27 PM, Nicolas Grégoire wrote:

Inkscape is vulnerable to XXE attacks during rasterization/export
of SVG images: https://bugs.launchpad.net/inkscape/+bug/1025185

Impact: The impact of this vulnerability range form denial of
service to file disclosure. Under Windows, it can also be used to
steal LM/NTLM hashes.

PoC: During rasterization, entities declared in the DTD are
dereferenced and the content of the target file is included in the
output. Command-line used: "inkscape -e xxe-inkscape.png xxe.svg"
(PoC files are attached to the ticket)

References: CWE-827: Improper Control of Document Type Definition 
http://cwe.mitre.org/data/definitions/827.html

Regards, Nicolas Grégoire

This already has a CVE reference in the page:

CVE References

2012-1102





- -- 
Kurt Seifried Red Hat Security Response Team (SRT)
PGP: 0x5E267993 A90B F995 7350 148F 66BF 7554 160D 4553 5E26 7993

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.12 (GNU/Linux)

iQIcBAEBAgAGBQJQ0TglAAoJEBYNRVNeJnmTO1QP/i6IySfJlSte8DMMgFPANUrd
U0UWqyHYyfk7eGlAEZEwYPOgyB97hV4NQ0Q2uXNRfRnefyatMR3YGCd+YCx47fER
1ZxgVVDKVzDosJyc2Dcoyu4gG+QF6V98+lbnEgH2VIhqu+VWnT35U2wP7HPNIMYI
zegn9o6uuwt6S4uFujHrCE4xPHTAxZnvgu5l0ucagJZmA2cOXzMSCXrTgILTIW9k
Yk/2sofeB73jnY3GmcAX++GmShaFHibhJweVu0Wai9b5c9+aA1IXJqkPY8Di0lqo
crWaXfaq8D8fIYzIe+RQXjAlXPPjud3827mN1ahhOuKx5PanNed7DPII2gBOvhKS
ZEuc/0mKMqm8lL+lPEePFX4KW8fRLp2djgat+8CpcGI9D7gcl2P7dakib854QNjS
Mv3y/sST1hLOcLqyp7E2PmrMm3hD1gJV3jZcCHSCQnybbogx3YZ9zMf0g8L6zHF/
mjsfBewIw/qxejhQ1UahTz2Ei1xettvimTli65PNwSbxgxQhgrY3rvVQ8qEYou4v
0nV58UH5Oq6sdErg0rUC1rPQJRsFv5uuWMFdVYFvDQiNsBWpIvpp9PnZwvR9Uet8
I09OhIrSYlGUcETk1z0EB7ADoz6SPlafrVdi/fdqzvPSorQ0J2UYpzIViLs/bpAs
fyj6qwxXRgNh2Ia3+VlX
=XMwV
-----END PGP SIGNATURE-----


  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]