oss-sec mailing list archives
Re: CVE-2023-38633 in librsvg: Arbitrary file read when xinclude href has special characters
From: Alan Coopersmith <alan.coopersmith () oracle com>
Date: Wed, 6 Sep 2023 13:00:05 -0700
On 7/27/23 13:36, Alan Coopersmith wrote:
> I haven't seen this go by yet, so for those who haven't seen it:
> https://gitlab.gnome.org/GNOME/librsvg/-/issues/996 reports:
>
> CVE-2023-38633: Arbitrary file read when xinclude href has special characters
>
> This was reported by Zac Sims.
Zac's writeup on how the bug was found is now available at:
https://www.canva.dev/blog/engineering/when-url-parsers-disagree-cve-2023-38633/

It points to a root cause of mixing two different URL parsers, with one used to
validate the URL and a different one used to load the content from it.

-- 
-Alan Coopersmith-              alan.coopersmith () oracle com
Oracle Solaris Engineering - https://blogs.oracle.com/solaris
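As an added illustration of that root cause (not librsvg's code, nor the reporter's): a loader whose policy check looks at one view of an xinclude href while the load acts on another, beside a version that parses and resolves the href once and checks the exact URL it opens. The base directory, document base URL and hrefs are constructed for the example.

```python
# Illustrative only: constructed document location, not any real deployment.
import os
from urllib.parse import urljoin, urlsplit, unquote

BASE_DIR = "/srv/svg"                      # constructed: directory documents live in
DOC_BASE = "file:///srv/svg/diagram.svg"   # constructed: base URL of the document


def href_is_allowed_unsafe(href):
    """Policy applied to the raw href: only scheme-less, host-less references."""
    parts = urlsplit(href)
    return parts.scheme == "" and parts.netloc == ""


def resolve_unsafe(href):
    """Anti-pattern: validate the raw string, then load from the resolved URL.

    The check and the loader see different things, so a relative or
    percent-encoded href that passes the check can still resolve outside
    BASE_DIR. Returns the path the loader would open, or None if rejected."""
    if not href_is_allowed_unsafe(href):
        return None
    target = urlsplit(urljoin(DOC_BASE, href))
    return unquote(target.path)


def resolve_safe(href):
    """Parse and resolve once; apply the policy to the URL actually loaded.

    Decoding and normalisation happen before the directory check, so the
    checked path is the path that would be opened."""
    target = urlsplit(urljoin(DOC_BASE, href))
    if target.scheme != "file" or target.netloc not in ("", "localhost"):
        return None
    path = os.path.normpath(unquote(target.path))
    if os.path.commonpath([path, BASE_DIR]) != BASE_DIR:
        return None
    return path
```

The unsafe variant accepts `../private/secret.txt` and the encoded `%2e%2e/private/secret.txt` because the raw-string check only asks "is this relative?", while the safe variant rejects both after resolving them to a path outside BASE_DIR.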