Openwall GNU/*/Linux - a small security-enhanced Linux distro for servers
[<prev] [next>] [thread-next>] [day] [month] [year] [list]
Date: Mon, 17 Dec 2012 21:27:39 +0100
From: Nicolas Grégoire <nicolas.gregoire@...rri.fr>
To: oss-security@...ts.openwall.com
Subject: CVE request: Inkscape fixes a XXE vulnerability during
 rasterization of SVG images


Inkscape is vulnerable to XXE attacks during rasterization/export of SVG
images: https://bugs.launchpad.net/inkscape/+bug/1025185

Impact:
 The impact of this vulnerability range form denial of service to file
disclosure. Under Windows, it can also be used to steal LM/NTLM hashes.

PoC:
 During rasterization, entities declared in the DTD are dereferenced and
the content of the target file is included in the output. Command-line
used: "inkscape -e xxe-inkscape.png xxe.svg" (PoC files are attached to
the ticket)

References:
 CWE-827: Improper Control of Document Type Definition
 http://cwe.mitre.org/data/definitions/827.html

Regards,
Nicolas Grégoire

Powered by blists - more mailing lists

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Powered by Openwall GNU/*/Linux - Powered by OpenVZ