Date: Mon, 17 Dec 2012 21:27:39 +0100 From: Nicolas Grégoire <nicolas.gregoire@...rri.fr> To: oss-security@...ts.openwall.com Subject: CVE request: Inkscape fixes a XXE vulnerability during rasterization of SVG images Inkscape is vulnerable to XXE attacks during rasterization/export of SVG images: https://bugs.launchpad.net/inkscape/+bug/1025185 Impact: The impact of this vulnerability range form denial of service to file disclosure. Under Windows, it can also be used to steal LM/NTLM hashes. PoC: During rasterization, entities declared in the DTD are dereferenced and the content of the target file is included in the output. Command-line used: "inkscape -e xxe-inkscape.png xxe.svg" (PoC files are attached to the ticket) References: CWE-827: Improper Control of Document Type Definition http://cwe.mitre.org/data/definitions/827.html Regards, Nicolas Grégoire
Powered by blists - more mailing lists
Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.
Powered by Openwall GNU/*/Linux - Powered by OpenVZ