Veracode Vulnerability Database: VERACODE:42641
Aug 08, 2023 - 5:28 a.m.

Information Disclosure

2023-08-08 05:28:14
sca.analysiscenter.veracode.com
Tags: librsvg, information disclosure, svg files, vulnerability, directory traversal, attacker, sensitive files, access control

CVSS3: 5.5 Medium
Attack Vector: LOCAL
Attack Complexity: LOW
Privileges Required: LOW
User Interaction: NONE
Scope: UNCHANGED
Confidentiality Impact: HIGH
Integrity Impact: NONE
Availability Impact: NONE
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

EPSS: 0.002 Low
Percentile: 52.4%

librsvg is vulnerable to Information Disclosure. The vulnerability occurs when librsvg parses a specially crafted SVG file that contains a directory traversal sequence. If the file is valid, librsvg could allow the user to access files outside of the intended directory. An attacker could exploit this to read sensitive files, such as passwords or configuration files.
