Lucene search
Ubuntu.comUB:CVE-2023-38633HistoryJul 22, 2023 - 12:00 a.m.
CVE-2023-38633
2023-07-2200:00:00
ubuntu.com
ubuntu.com
5
cve-2023-38633
directory traversal
url decoder
librsvg
remote attackers
local attackers
sensitive files disclosure
gnu/linux
vulnerability.
0.002 Low
EPSS
Percentile
52.0%
A directory traversal problem in the URL decoder of librsvg before 2.56.3
could be used by local or remote attackers to disclose files (on the local
filesystem outside of the expected area), as demonstrated by
href=“.?../…/…/…/…/…/…/…/…/…/etc/passwd” in an xi:include element.
Bugs
- <https://gitlab.gnome.org/GNOME/librsvg/-/issues/996>
- <https://bugzilla.suse.com/show_bug.cgi?id=1213502>
- <https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1041810>
Notes
| Author | Note |
|---|---|
| alexmurray | PoC is provided in the oss-security post as well as the upstream bug report. |
Related
oraclelinux
oraclelinux
librsvg2 security update
2023-09-13 00:00:00
nessus
nessus
RHEL 9 : librsvg2 (RHSA-2023:5081)
2023-09-12 00:00:00
Oracle Linux 9 : librsvg2 (ELSA-2023-5081)
2023-09-13 00:00:00
AlmaLinux 9 : librsvg2 (ALSA-2023:5081)
2023-09-14 00:00:00
osv
osv
Moderate: librsvg2 security update
2023-09-12 00:00:00
CVE-2023-38633
2023-07-22 17:15:09
librsvg vulnerability
2023-08-01 11:43:51
prion
prion
Directory traversal
2023-07-22 17:15:00
alpinelinux
alpinelinux
CVE-2023-38633
2023-07-22 17:15:09
redos
redos
ROS-20230911-09
2023-09-11 00:00:00
mageia
mageia
Updated librsvg packages fix security vulnerability
2023-09-11 16:07:54
openvas
openvas
Mageia: Security Advisory (MGASA-2023-0259)
2023-09-11 00:00:00
SUSE: Security Advisory (SUSE-SU-2023:3208-1)
2023-08-08 00:00:00
Fedora: Security Advisory for librsvg2 (FEDORA-2023-fc79ee273d)
2023-08-05 00:00:00
redhat
redhat
(RHSA-2023:5081) Moderate: librsvg2 security update
2023-09-12 07:43:42
(RHSA-2023:4809) Moderate: librsvg2 security update
2023-08-29 07:29:09
veracode
veracode
Information Disclosure
2023-08-08 05:28:14
fedora
fedora
[SECURITY] Fedora 38 Update: librsvg2-2.56.3-1.fc38
2023-08-04 01:29:53
[SECURITY] Fedora 37 Update: librsvg2-2.54.6-1.fc37
2023-08-17 00:34:16
debiancve
debiancve
CVE-2023-38633
2023-07-22 17:15:09
cvelist
cvelist
CVE-2023-38633
2023-07-22 00:00:00
cloudfoundry
cloudfoundry
USN-6266-1: librsvg vulnerability | Cloud Foundry
2023-08-16 00:00:00
redhatcve
redhatcve
CVE-2023-38633
2023-07-26 08:55:52
cve
cve
CVE-2023-38633
2023-07-22 17:15:09
debian
debian
[SECURITY] [DSA 5484-1] librsvg security update
2023-08-27 14:28:48
almalinux
almalinux
Moderate: librsvg2 security update
2023-09-12 00:00:00
ubuntu
ubuntu
librsvg vulnerability
2023-08-01 00:00:00
rosalinux
rosalinux
Advisory ROSA-SA-2023-2276
2023-10-22 06:30:12
ibm
ibm
hp
hp
HP ThinPro 8.0 SP 8 Security Updates
2024-03-01 00:00:00