Lucene search
Ubuntu.comUB:CVE-2013-1881HistoryOct 09, 2013 - 12:00 a.m.
CVE-2013-1881
2013-10-0900:00:00
ubuntu.com
ubuntu.com
9
4.3 Medium
CVSS2
Access Vector
NETWORK
Access Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
NONE
Availability Impact
NONE
AV:N/AC:M/Au:N/C:P/I:N/A:N
0.003 Low
EPSS
Percentile
70.0%
GNOME libsvg before 2.39.0 allows remote attackers to read arbitrary files
via an XML document containing an external entity declaration in
conjunction with an entity reference, related to an XML External Entity
(XXE) issue.
Bugs
- <https://bugzilla.redhat.com/show_bug.cgi?id=924414>
- <https://bugzilla.redhat.com/show_bug.cgi?id=1061085 (regression)>
- <https://bugzilla.gnome.org/show_bug.cgi?id=691708>
- <http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=724741>
Notes
| Author | Note |
|---|---|
| mdeslaur | fixing this also requires a change to gtk+ in raring and earlier |
Related
suse
suse
Security update for librsvg (important)
2015-10-20 13:10:05
nessus
nessus
SUSE SLED11 / SLES11 Security Update : librsvg (SUSE-SU-2015:1785-1)
2015-10-22 00:00:00
Ubuntu 12.04 LTS / 12.10 / 13.10 : librsvg vulnerability (USN-2149-1)
2014-03-18 00:00:00
Oracle Linux 6 : librsvg2 (ELSA-2014-0127)
2014-02-04 00:00:00
centos
centos
librsvg2 security update
2014-02-04 05:35:04
cve
cve
CVE-2013-1881
2013-10-10 00:55:00
openvas
openvas
Ubuntu Update for gtk+3.0 USN-2149-2
2014-03-20 00:00:00
Ubuntu Update for librsvg USN-2149-1
2014-03-20 00:00:00
RedHat Update for librsvg2 RHSA-2014:0127-01
2014-02-11 00:00:00
prion
prion
Xxe
2013-10-10 00:55:00
debiancve
debiancve
CVE-2013-1881
2013-10-10 00:55:00
ubuntu
ubuntu
GTK+ update
2014-03-17 00:00:00
librsvg vulnerability
2014-03-17 00:00:00
mageia
mageia
Updated librsvg and gtk+3.0 packages fix security vulnerability
2014-01-06 05:08:20
cvelist
cvelist
CVE-2013-1881
2013-10-10 00:00:00
redhat
redhat
(RHSA-2014:0127) Moderate: librsvg2 security update
2014-02-03 00:00:00
securityvulns
securityvulns
libsvg information leakage
2014-01-29 00:00:00
[ MDVSA-2014:009 ] librsvg
2014-01-29 00:00:00
veracode
veracode
XML External Entity (XXE)
2019-01-15 08:56:03
oraclelinux
oraclelinux
librsvg2 security update (updated 02/05/2014)
2014-02-03 00:00:00
4.3 Medium
CVSS2
Access Vector
NETWORK
Access Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
NONE
Availability Impact
NONE
AV:N/AC:M/Au:N/C:P/I:N/A:N
0.003 Low
EPSS
Percentile
70.0%
Related for UB:CVE-2013-1881