XML External Entity Vulnerability in GNOME libsvg
CVE-2013-1881

Currently unrated

Key Information:

Vendor: Gnome
Status: Librsvg
Vendor: CVE Published:; 10 October 2013

Summary

The vulnerability in GNOME libsvg before version 2.39.0 permits remote attackers to access arbitrary files within the system. This occurs through an XML document that contains an external entity declaration paired with an entity reference, leading to an XML External Entity (XXE) exploitation. This flaw poses significant security risks and highlights the importance of safeguarding applications against potential XXE vulnerabilities.

References

http://ftp.gnome.org/pub/GNOME/sources/librsvg/2.39/librs...

x_refsource_CONFIRM

https://bugzilla.gnome.org/show_bug.cgi?id=691708

x_refsource_CONFIRM

http://secunia.com/advisories/55088

third-party-advisoryx_refsource_SECUNIA

EPSS Score

7% chance of being exploited in the next 30 days.

Timeline

Vulnerability published
Oct 10, 2013
Vulnerability Reserved
Feb 19, 2013