Date: Mon, 17 Dec 2012 21:27:39 +0100 From: Nicolas Grégoire <nicolas.gregoire@...rri.fr> To: oss-security@...ts.openwall.com Subject: CVE request: Inkscape fixes a XXE vulnerability during rasterization of SVG images Inkscape is vulnerable to XXE attacks during rasterization/export of SVG images: https://bugs.launchpad.net/inkscape/+bug/1025185 Impact: The impact of this vulnerability range form denial of service to file disclosure. Under Windows, it can also be used to steal LM/NTLM hashes. PoC: During rasterization, entities declared in the DTD are dereferenced and the content of the target file is included in the output. Command-line used: "inkscape -e xxe-inkscape.png xxe.svg" (PoC files are attached to the ticket) References: CWE-827: Improper Control of Document Type Definition http://cwe.mitre.org/data/definitions/827.html Regards, Nicolas Grégoire
Powered by blists - more mailing lists
Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.
Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.