CVE-2013-1881

EUVD-2013-1880
GNOME libsvg before 2.39.0 allows remote attackers to read arbitrary files via an XML document containing an external entity declaration in conjunction with an entity reference, related to an XML External Entity (XXE) issue.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
4.3 UNKNOWN
NETWORK
MEDIUM
AV:N/AC:M/Au:N/C:P/I:N/A:N
Base Score
CVSS 3.x
EPSS Score
Percentile: 91%
Affected Products (NVD)
VendorProductVersion
gnomelibrsvg
𝑥
≤ 2.37.0
gnomelibrsvg
1.0.0
gnomelibrsvg
1.0.1
gnomelibrsvg
1.0.2
gnomelibrsvg
1.0.3
gnomelibrsvg
1.1.1
gnomelibrsvg
1.1.2
gnomelibrsvg
1.1.3
gnomelibrsvg
1.1.4
gnomelibrsvg
1.1.5
gnomelibrsvg
1.1.6
gnomelibrsvg
2.0.0
gnomelibrsvg
2.0.1
gnomelibrsvg
2.1.0
gnomelibrsvg
2.1.1
gnomelibrsvg
2.1.2
gnomelibrsvg
2.1.3
gnomelibrsvg
2.1.4
gnomelibrsvg
2.1.5
gnomelibrsvg
2.2.0
gnomelibrsvg
2.2.1
gnomelibrsvg
2.2.2
gnomelibrsvg
2.2.3
gnomelibrsvg
2.2.4
gnomelibrsvg
2.2.5
gnomelibrsvg
2.3.0
gnomelibrsvg
2.3.1
gnomelibrsvg
2.11.0
gnomelibrsvg
2.11.1
gnomelibrsvg
2.12.0
gnomelibrsvg
2.12.1
gnomelibrsvg
2.12.2
gnomelibrsvg
2.12.3
gnomelibrsvg
2.12.4
gnomelibrsvg
2.12.5
gnomelibrsvg
2.12.6
gnomelibrsvg
2.12.7
gnomelibrsvg
2.13.0
gnomelibrsvg
2.13.1
gnomelibrsvg
2.13.2
gnomelibrsvg
2.13.3
gnomelibrsvg
2.13.4
gnomelibrsvg
2.13.5
gnomelibrsvg
2.13.90
gnomelibrsvg
2.13.91
gnomelibrsvg
2.13.92
gnomelibrsvg
2.13.93
gnomelibrsvg
2.14.0
gnomelibrsvg
2.14.1
gnomelibrsvg
2.14.2
gnomelibrsvg
2.14.3
gnomelibrsvg
2.14.4
gnomelibrsvg
2.15.0
gnomelibrsvg
2.15.90
gnomelibrsvg
2.16.0
gnomelibrsvg
2.16.1
gnomelibrsvg
2.18.0
gnomelibrsvg
2.18.1
gnomelibrsvg
2.18.2
gnomelibrsvg
2.20.0
gnomelibrsvg
2.22.0
gnomelibrsvg
2.22.1
gnomelibrsvg
2.22.2
gnomelibrsvg
2.22.3
gnomelibrsvg
2.26.0
gnomelibrsvg
2.26.1
gnomelibrsvg
2.26.2
gnomelibrsvg
2.26.3
gnomelibrsvg
2.31.0
gnomelibrsvg
2.32.0
gnomelibrsvg
2.32.1
gnomelibrsvg
2.34.0
gnomelibrsvg
2.34.1
gnomelibrsvg
2.34.2
gnomelibrsvg
2.35.0
gnomelibrsvg
2.35.1
gnomelibrsvg
2.35.2
gnomelibrsvg
2.36.0
gnomelibrsvg
2.36.1
gnomelibrsvg
2.36.2
gnomelibrsvg
2.36.3
𝑥
= Vulnerable software versions
Debian logo
Debian Releases
Debian Product
Codename
librsvg
bookworm
2.54.7+dfsg-1~deb12u1
fixed
bookworm (security)
2.54.7+dfsg-1~deb12u1
fixed
bullseye
2.50.3+dfsg-1+deb11u1
fixed
bullseye (security)
2.50.3+dfsg-1+deb11u1
fixed
sid
2.59.1+dfsg-1
fixed
trixie
2.59.1+dfsg-1
fixed
Ubuntu logo
Ubuntu Releases
Ubuntu Product
Codename
librsvg
lucid
ignored
precise
Fixed 2.36.1-0ubuntu1.1
released
quantal
Fixed 2.36.3-0ubuntu1.1
released
raring
ignored
saucy
Fixed 2.36.4-2ubuntu0.1
released
Common Weakness Enumeration
References
http://en.securitylab.ru/lab/PT-2013-01
http://ftp.gnome.org/pub/GNOME/sources/librsvg/2.39/librsvg-2.39.0.changes
http://lists.opensuse.org/opensuse-security-announce/2015-10/msg00020.html
http://lists.opensuse.org/opensuse-updates/2013-11/msg00114.html
http://rhn.redhat.com/errata/RHSA-2014-0127.html
http://secunia.com/advisories/55088
http://www.ubuntu.com/usn/USN-2149-1
http://www.ubuntu.com/usn/USN-2149-2
https://bugzilla.gnome.org/show_bug.cgi?id=691708
http://en.securitylab.ru/lab/PT-2013-01
http://ftp.gnome.org/pub/GNOME/sources/librsvg/2.39/librsvg-2.39.0.changes
http://lists.opensuse.org/opensuse-security-announce/2015-10/msg00020.html
http://lists.opensuse.org/opensuse-updates/2013-11/msg00114.html
http://rhn.redhat.com/errata/RHSA-2014-0127.html
http://secunia.com/advisories/55088
http://www.ubuntu.com/usn/USN-2149-1
http://www.ubuntu.com/usn/USN-2149-2
https://bugzilla.gnome.org/show_bug.cgi?id=691708