oss-sec mailing list archives
Re: CVE request: Inkscape fixes a XXE vulnerability during rasterization of SVG images
From: Kurt Seifried <kseifried () redhat com>
Date: Tue, 18 Dec 2012 20:44:37 -0700
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 On 12/17/2012 01:27 PM, Nicolas Grégoire wrote:
Inkscape is vulnerable to XXE attacks during rasterization/export of SVG images: https://bugs.launchpad.net/inkscape/+bug/1025185 Impact: The impact of this vulnerability range form denial of service to file disclosure. Under Windows, it can also be used to steal LM/NTLM hashes. PoC: During rasterization, entities declared in the DTD are dereferenced and the content of the target file is included in the output. Command-line used: "inkscape -e xxe-inkscape.png xxe.svg" (PoC files are attached to the ticket) References: CWE-827: Improper Control of Document Type Definition http://cwe.mitre.org/data/definitions/827.html Regards, Nicolas Grégoire
This already has a CVE reference in the page: CVE References 2012-1102 - -- Kurt Seifried Red Hat Security Response Team (SRT) PGP: 0x5E267993 A90B F995 7350 148F 66BF 7554 160D 4553 5E26 7993 -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.12 (GNU/Linux) iQIcBAEBAgAGBQJQ0TglAAoJEBYNRVNeJnmTO1QP/i6IySfJlSte8DMMgFPANUrd U0UWqyHYyfk7eGlAEZEwYPOgyB97hV4NQ0Q2uXNRfRnefyatMR3YGCd+YCx47fER 1ZxgVVDKVzDosJyc2Dcoyu4gG+QF6V98+lbnEgH2VIhqu+VWnT35U2wP7HPNIMYI zegn9o6uuwt6S4uFujHrCE4xPHTAxZnvgu5l0ucagJZmA2cOXzMSCXrTgILTIW9k Yk/2sofeB73jnY3GmcAX++GmShaFHibhJweVu0Wai9b5c9+aA1IXJqkPY8Di0lqo crWaXfaq8D8fIYzIe+RQXjAlXPPjud3827mN1ahhOuKx5PanNed7DPII2gBOvhKS ZEuc/0mKMqm8lL+lPEePFX4KW8fRLp2djgat+8CpcGI9D7gcl2P7dakib854QNjS Mv3y/sST1hLOcLqyp7E2PmrMm3hD1gJV3jZcCHSCQnybbogx3YZ9zMf0g8L6zHF/ mjsfBewIw/qxejhQ1UahTz2Ei1xettvimTli65PNwSbxgxQhgrY3rvVQ8qEYou4v 0nV58UH5Oq6sdErg0rUC1rPQJRsFv5uuWMFdVYFvDQiNsBWpIvpp9PnZwvR9Uet8 I09OhIrSYlGUcETk1z0EB7ADoz6SPlafrVdi/fdqzvPSorQ0J2UYpzIViLs/bpAs fyj6qwxXRgNh2Ia3+VlX =XMwV -----END PGP SIGNATURE-----
Current thread:
- CVE request: Inkscape fixes a XXE vulnerability during rasterization of SVG images Nicolas Grégoire (Dec 17)
- Re: CVE request: Inkscape fixes a XXE vulnerability during rasterization of SVG images Kurt Seifried (Dec 18)
- Re: CVE request: Inkscape fixes a XXE vulnerability during rasterization of SVG images Kurt Seifried (Dec 18)
- Re: CVE request: Inkscape fixes a XXE vulnerability during rasterization of SVG images Jan Lieskovsky (Dec 19)
- Re: CVE request: Inkscape fixes a XXE vulnerability during rasterization of SVG images Kurt Seifried (Dec 19)
- Re: CVE request: Inkscape fixes a XXE vulnerability during rasterization of SVG images Kurt Seifried (Dec 18)
- Re: CVE request: Inkscape fixes a XXE vulnerability during rasterization of SVG images Kurt Seifried (Dec 18)