oss-sec mailing list archives
CVE request: Inkscape fixes a XXE vulnerability during rasterization of SVG images
From: Nicolas Grégoire <nicolas.gregoire () agarri fr>
Date: Mon, 17 Dec 2012 21:27:39 +0100
Inkscape is vulnerable to XXE attacks during rasterization/export of SVG images: https://bugs.launchpad.net/inkscape/+bug/1025185 Impact: The impact of this vulnerability range form denial of service to file disclosure. Under Windows, it can also be used to steal LM/NTLM hashes. PoC: During rasterization, entities declared in the DTD are dereferenced and the content of the target file is included in the output. Command-line used: "inkscape -e xxe-inkscape.png xxe.svg" (PoC files are attached to the ticket) References: CWE-827: Improper Control of Document Type Definition http://cwe.mitre.org/data/definitions/827.html Regards, Nicolas Grégoire
Current thread:
- CVE request: Inkscape fixes a XXE vulnerability during rasterization of SVG images Nicolas Grégoire (Dec 17)
- Re: CVE request: Inkscape fixes a XXE vulnerability during rasterization of SVG images Kurt Seifried (Dec 18)
- Re: CVE request: Inkscape fixes a XXE vulnerability during rasterization of SVG images Kurt Seifried (Dec 18)
- Re: CVE request: Inkscape fixes a XXE vulnerability during rasterization of SVG images Jan Lieskovsky (Dec 19)
- Re: CVE request: Inkscape fixes a XXE vulnerability during rasterization of SVG images Kurt Seifried (Dec 19)
- Re: CVE request: Inkscape fixes a XXE vulnerability during rasterization of SVG images Kurt Seifried (Dec 18)
- Re: CVE request: Inkscape fixes a XXE vulnerability during rasterization of SVG images Kurt Seifried (Dec 18)