Re: CVE request: Inkscape fixes a XXE vulnerability during rasterization of SVG images

[Kurt Seifried <kseifried () redhat com>]

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

On 12/17/2012 01:27 PM, Nicolas Grégoire wrote:
> Inkscape is vulnerable to XXE attacks during rasterization/export
> of SVG images: https://bugs.launchpad.net/inkscape/+bug/1025185
>
> Impact: The impact of this vulnerability range form denial of
> service to file disclosure. Under Windows, it can also be used to
> steal LM/NTLM hashes.
>
> PoC: During rasterization, entities declared in the DTD are
> dereferenced and the content of the target file is included in the
> output. Command-line used: "inkscape -e xxe-inkscape.png xxe.svg"
> (PoC files are attached to the ticket)
>
> References: CWE-827: Improper Control of Document Type Definition 
> http://cwe.mitre.org/data/definitions/827.html
>
> Regards, Nicolas Grégoire

This already has a CVE reference in the page:

CVE References

2012-1102





- -- 
Kurt Seifried Red Hat Security Response Team (SRT)
PGP: 0x5E267993 A90B F995 7350 148F 66BF 7554 160D 4553 5E26 7993

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.12 (GNU/Linux)

iQIcBAEBAgAGBQJQ0TglAAoJEBYNRVNeJnmTO1QP/i6IySfJlSte8DMMgFPANUrd
U0UWqyHYyfk7eGlAEZEwYPOgyB97hV4NQ0Q2uXNRfRnefyatMR3YGCd+YCx47fER
1ZxgVVDKVzDosJyc2Dcoyu4gG+QF6V98+lbnEgH2VIhqu+VWnT35U2wP7HPNIMYI
zegn9o6uuwt6S4uFujHrCE4xPHTAxZnvgu5l0ucagJZmA2cOXzMSCXrTgILTIW9k
Yk/2sofeB73jnY3GmcAX++GmShaFHibhJweVu0Wai9b5c9+aA1IXJqkPY8Di0lqo
crWaXfaq8D8fIYzIe+RQXjAlXPPjud3827mN1ahhOuKx5PanNed7DPII2gBOvhKS
ZEuc/0mKMqm8lL+lPEePFX4KW8fRLp2djgat+8CpcGI9D7gcl2P7dakib854QNjS
Mv3y/sST1hLOcLqyp7E2PmrMm3hD1gJV3jZcCHSCQnybbogx3YZ9zMf0g8L6zHF/
mjsfBewIw/qxejhQ1UahTz2Ei1xettvimTli65PNwSbxgxQhgrY3rvVQ8qEYou4v
0nV58UH5Oq6sdErg0rUC1rPQJRsFv5uuWMFdVYFvDQiNsBWpIvpp9PnZwvR9Uet8
I09OhIrSYlGUcETk1z0EB7ADoz6SPlafrVdi/fdqzvPSorQ0J2UYpzIViLs/bpAs
fyj6qwxXRgNh2Ia3+VlX
=XMwV
-----END PGP SIGNATURE-----