Lucene search

[email protected]NVD:CVE-2013-1881

HistoryOct 10, 2013 - 12:55 a.m.

CVE-2013-1881

2013-10-1000:55:03

CWE-20

[email protected]

web.nvd.nist.gov

4.3 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:M/Au:N/C:P/I:N/A:N

6.4 Medium

AI Score

Confidence

Low

0.003 Low

EPSS

Percentile

70.4%

JSON

GNOME libsvg before 2.39.0 allows remote attackers to read arbitrary files via an XML document containing an external entity declaration in conjunction with an entity reference, related to an XML External Entity (XXE) issue.

Affected configurations

NVD

Node

gnomelibrsvgRange≤2.37.0

gnomelibrsvgMatch1.0.0

gnomelibrsvgMatch1.0.1

gnomelibrsvgMatch1.0.2

gnomelibrsvgMatch1.0.3

gnomelibrsvgMatch1.1.1

gnomelibrsvgMatch1.1.2

gnomelibrsvgMatch1.1.3

gnomelibrsvgMatch1.1.4

gnomelibrsvgMatch1.1.5

gnomelibrsvgMatch1.1.6

gnomelibrsvgMatch2.0.0

gnomelibrsvgMatch2.0.1

gnomelibrsvgMatch2.1.0

gnomelibrsvgMatch2.1.1

gnomelibrsvgMatch2.1.2

gnomelibrsvgMatch2.1.3

gnomelibrsvgMatch2.1.4

gnomelibrsvgMatch2.1.5

gnomelibrsvgMatch2.2.0

gnomelibrsvgMatch2.2.1

gnomelibrsvgMatch2.2.2

gnomelibrsvgMatch2.2.3

gnomelibrsvgMatch2.2.4

gnomelibrsvgMatch2.2.5

gnomelibrsvgMatch2.3.0

gnomelibrsvgMatch2.3.1

gnomelibrsvgMatch2.11.0

gnomelibrsvgMatch2.11.1

gnomelibrsvgMatch2.12.0

gnomelibrsvgMatch2.12.1

gnomelibrsvgMatch2.12.2

gnomelibrsvgMatch2.12.3

gnomelibrsvgMatch2.12.4

gnomelibrsvgMatch2.12.5

gnomelibrsvgMatch2.12.6

gnomelibrsvgMatch2.12.7

gnomelibrsvgMatch2.13.0

gnomelibrsvgMatch2.13.1

gnomelibrsvgMatch2.13.2

gnomelibrsvgMatch2.13.3

gnomelibrsvgMatch2.13.4

gnomelibrsvgMatch2.13.5

gnomelibrsvgMatch2.13.90

gnomelibrsvgMatch2.13.91

gnomelibrsvgMatch2.13.92

gnomelibrsvgMatch2.13.93

gnomelibrsvgMatch2.14.0

gnomelibrsvgMatch2.14.1

gnomelibrsvgMatch2.14.2

gnomelibrsvgMatch2.14.3

gnomelibrsvgMatch2.14.4

gnomelibrsvgMatch2.15.0

gnomelibrsvgMatch2.15.90

gnomelibrsvgMatch2.16.0

gnomelibrsvgMatch2.16.1

gnomelibrsvgMatch2.18.0

gnomelibrsvgMatch2.18.1

gnomelibrsvgMatch2.18.2

gnomelibrsvgMatch2.20.0

gnomelibrsvgMatch2.22.0

gnomelibrsvgMatch2.22.1

gnomelibrsvgMatch2.22.2

gnomelibrsvgMatch2.22.3

gnomelibrsvgMatch2.26.0

gnomelibrsvgMatch2.26.1

gnomelibrsvgMatch2.26.2

gnomelibrsvgMatch2.26.3

gnomelibrsvgMatch2.31.0

gnomelibrsvgMatch2.32.0

gnomelibrsvgMatch2.32.1

gnomelibrsvgMatch2.34.0

gnomelibrsvgMatch2.34.1

gnomelibrsvgMatch2.34.2

gnomelibrsvgMatch2.35.0

gnomelibrsvgMatch2.35.1

gnomelibrsvgMatch2.35.2

gnomelibrsvgMatch2.36.0

gnomelibrsvgMatch2.36.1

gnomelibrsvgMatch2.36.2

gnomelibrsvgMatch2.36.3

References

en.securitylab.ru/lab/PT-2013-01

ftp.gnome.org/pub/GNOME/sources/librsvg/2.39/librsvg-2.39.0.changes

lists.opensuse.org/opensuse-security-announce/2015-10/msg00020.html

lists.opensuse.org/opensuse-updates/2013-11/msg00114.html

rhn.redhat.com/errata/RHSA-2014-0127.html

secunia.com/advisories/55088

www.ubuntu.com/usn/USN-2149-1

www.ubuntu.com/usn/USN-2149-2

bugzilla.gnome.org/show_bug.cgi?id=691708

4.3 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:M/Au:N/C:P/I:N/A:N

6.4 Medium

AI Score

Confidence

Low

0.003 Low

EPSS

Percentile

70.4%

JSON

Related for NVD:CVE-2013-1881

cve1 nessus9 suse1 centos1 openvas11 ubuntu2 securityvulns2 veracode1 redhat1 ubuntucve1 mageia1 prion1 cvelist1 debiancve1 oraclelinux1