CVE-2013-1881 — Improper Input Validation in Librsvg

CWE-20 — Improper Input Validation9 documents7 sources

Severity

4.3MEDIUMNVD

EPSS

7.8%

top 8.03%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Gnome Librsvg Debian Librsvg

Timeline

PublishedOct 10

Latest updateMay 17

Description

GNOME libsvg before 2.39.0 allows remote attackers to read arbitrary files via an XML document containing an external entity declaration in conjunction with an entity reference, related to an XML External Entity (XXE) issue.

CVSS vector

AV:N/AC:M/C:P/I:N/A:NExploitability: 8.6 | Impact: 2.9

Affected Packages3 packages

▶Debiangnome/librsvg< 2.40.0-1+3

▶NVDgnome/librsvg2.37.0+80

▶debiandebian/librsvg< librsvg 2.40.0-1 (bookworm)

🔴Vulnerability Details

GHSA

GHSA-w223-x3f9-926w: GNOME libsvg before 2↗2022-05-17

▶

OSV

CVE-2013-1881: GNOME libsvg before 2↗2013-10-10

▶

📋Vendor Advisories

Ubuntu

GTK+ update↗2014-03-17

▶

Ubuntu

librsvg vulnerability↗2014-03-17

▶

Red Hat

librsvg2: local resource access vulnerability due to XML External Entity enablement↗2013-08-17

▶

Debian

CVE-2013-1881: librsvg - GNOME libsvg before 2.39.0 allows remote attackers to read arbitrary files via a...↗2013

▶

💬Community

Bugzilla

CVE-2013-1881 librsvg2: local resource access vulnerability due to XML External Entity enablement [fedora-all]↗2013-09-17

▶

Bugzilla

CVE-2013-1881 librsvg2: local resource access vulnerability due to XML External Entity enablement↗2013-03-21

▶