CVE-2018-1000041Sensitive Information Exposure in Librsvg

CWE-200Sensitive Information Exposure7 documents5 sources
Severity
8.8HIGHNVD
EPSS
0.6%
top 29.29%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
3
Gnome LibrsvgDebian LinuxDebian Librsvg
Timeline
PublishedFeb 9
Latest updateMay 13

Description

GNOME librsvg version before commit c6ddf2ed4d768fd88adbea2b63f575cd523022ea contains a Improper input validation vulnerability in rsvg-io.c that can result in the victim's Windows username and NTLM password hash being leaked to remote attackers through SMB. This attack appear to be exploitable via The victim must process a specially crafted SVG file containing an UNC path on Windows.

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:HExploitability: 2.8 | Impact: 5.9

Affected Packages2 packages

NVDgnome/librsvg< 2.41.2

Also affects: Debian Linux 7.0

🔴Vulnerability Details

1
GHSA
GHSA-8xg7-956h-4q23: GNOME librsvg version before commit c6ddf2ed4d768fd88adbea2b63f575cd523022ea contains a Improper input validation vulnerability in rsvg-io2022-05-13

📋Vendor Advisories

2
Red Hat
librsvg: Improper input validation vulnerability in rsvg-io.c2018-06-07
Debian
CVE-2018-1000041: librsvg - GNOME librsvg version before commit c6ddf2ed4d768fd88adbea2b63f575cd523022ea con...2018

💬Community

3
Bugzilla
CVE-2018-1000041 mingw-librsvg2: librsvg: Improper input validation vulnerability in rsvg-io.c [fedora-all]2018-06-07
Bugzilla
CVE-2018-1000041 librsvg: Improper input validation vulnerability in rsvg-io.c2018-06-07
Bugzilla
CVE-2018-1000041 librsvg2: librsvg: Improper input validation vulnerability in rsvg-io.c [fedora-all]2018-06-07
CVE-2018-1000041 — Sensitive Information Exposure | cvebase