External Entity Expansion Vulnerability in perl-Image-Info
CVE-2016-9181

7.1HIGH

Key Information:

Vendor: Image-info Project
Status: Image-info For Perl
Vendor: CVE Published:; 22 December 2016

🔔 Create Image-info Project Vulnerability Alert

What is CVE-2016-9181?

The perl-Image-Info library is susceptible to external entity expansion (XXE) attacks due to improper handling of SVG files. This vulnerability allows an attacker to craft a malicious SVG file, potentially resulting in denial of service or unauthorized information disclosure when processed by applications relying on the vulnerable library. Implementing proper entity parsing configurations can mitigate these risks.

References

http://www.openwall.com/lists/oss-security/2016/11/04/2

mailing-listx_refsource_MLIST

http://www.securityfocus.com/bid/94220

vdb-entryx_refsource_BID

CVSS V3.1

Score:

7.1

Severity:

HIGH

Confidentiality:

High

Integrity:

None

Availability:

High

Attack Vector:

Local

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

Required

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Dec 22, 2016
Vulnerability Reserved
Nov 4, 2016