CVE-2013-1881

GNOME libsvg before 2.39.0 allows remote attackers to read arbitrary files via an XML document containing an external entity declaration in conjunction with an entity reference, related to an XML External Entity (XXE) issue.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
4.3 UNKNOWN
NETWORK
MEDIUM
AV:N/AC:M/Au:N/C:P/I:N/A:N
redhatCNA
---
---
CVEADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 91%
VendorProductVersion
gnomelibrsvg
𝑥
≤ 2.37.0
gnomelibrsvg
1.0.0
gnomelibrsvg
1.0.1
gnomelibrsvg
1.0.2
gnomelibrsvg
1.0.3
gnomelibrsvg
1.1.1
gnomelibrsvg
1.1.2
gnomelibrsvg
1.1.3
gnomelibrsvg
1.1.4
gnomelibrsvg
1.1.5
gnomelibrsvg
1.1.6
gnomelibrsvg
2.0.0
gnomelibrsvg
2.0.1
gnomelibrsvg
2.1.0
gnomelibrsvg
2.1.1
gnomelibrsvg
2.1.2
gnomelibrsvg
2.1.3
gnomelibrsvg
2.1.4
gnomelibrsvg
2.1.5
gnomelibrsvg
2.2.0
gnomelibrsvg
2.2.1
gnomelibrsvg
2.2.2
gnomelibrsvg
2.2.3
gnomelibrsvg
2.2.4
gnomelibrsvg
2.2.5
gnomelibrsvg
2.3.0
gnomelibrsvg
2.3.1
gnomelibrsvg
2.11.0
gnomelibrsvg
2.11.1
gnomelibrsvg
2.12.0
gnomelibrsvg
2.12.1
gnomelibrsvg
2.12.2
gnomelibrsvg
2.12.3
gnomelibrsvg
2.12.4
gnomelibrsvg
2.12.5
gnomelibrsvg
2.12.6
gnomelibrsvg
2.12.7
gnomelibrsvg
2.13.0
gnomelibrsvg
2.13.1
gnomelibrsvg
2.13.2
gnomelibrsvg
2.13.3
gnomelibrsvg
2.13.4
gnomelibrsvg
2.13.5
gnomelibrsvg
2.13.90
gnomelibrsvg
2.13.91
gnomelibrsvg
2.13.92
gnomelibrsvg
2.13.93
gnomelibrsvg
2.14.0
gnomelibrsvg
2.14.1
gnomelibrsvg
2.14.2
gnomelibrsvg
2.14.3
gnomelibrsvg
2.14.4
gnomelibrsvg
2.15.0
gnomelibrsvg
2.15.90
gnomelibrsvg
2.16.0
gnomelibrsvg
2.16.1
gnomelibrsvg
2.18.0
gnomelibrsvg
2.18.1
gnomelibrsvg
2.18.2
gnomelibrsvg
2.20.0
gnomelibrsvg
2.22.0
gnomelibrsvg
2.22.1
gnomelibrsvg
2.22.2
gnomelibrsvg
2.22.3
gnomelibrsvg
2.26.0
gnomelibrsvg
2.26.1
gnomelibrsvg
2.26.2
gnomelibrsvg
2.26.3
gnomelibrsvg
2.31.0
gnomelibrsvg
2.32.0
gnomelibrsvg
2.32.1
gnomelibrsvg
2.34.0
gnomelibrsvg
2.34.1
gnomelibrsvg
2.34.2
gnomelibrsvg
2.35.0
gnomelibrsvg
2.35.1
gnomelibrsvg
2.35.2
gnomelibrsvg
2.36.0
gnomelibrsvg
2.36.1
gnomelibrsvg
2.36.2
gnomelibrsvg
2.36.3
𝑥
= Vulnerable software versions
Debian logo
Debian Releases
Debian Product
Codename
librsvg
bullseye (security)
2.50.3+dfsg-1+deb11u1
fixed
bullseye
2.50.3+dfsg-1+deb11u1
fixed
bookworm
2.54.7+dfsg-1~deb12u1
fixed
bookworm (security)
2.54.7+dfsg-1~deb12u1
fixed
sid
2.59.1+dfsg-1
fixed
trixie
2.59.1+dfsg-1
fixed
Ubuntu logo
Ubuntu Releases
Ubuntu Product
Codename
librsvg
saucy
Fixed 2.36.4-2ubuntu0.1
released
raring
ignored
quantal
Fixed 2.36.3-0ubuntu1.1
released
precise
Fixed 2.36.1-0ubuntu1.1
released
lucid
ignored
Common Weakness Enumeration
References
http://en.securitylab.ru/lab/PT-2013-01
http://ftp.gnome.org/pub/GNOME/sources/librsvg/2.39/librsvg-2.39.0.changes
http://lists.opensuse.org/opensuse-security-announce/2015-10/msg00020.html
http://lists.opensuse.org/opensuse-updates/2013-11/msg00114.html
http://rhn.redhat.com/errata/RHSA-2014-0127.html
http://secunia.com/advisories/55088
http://www.ubuntu.com/usn/USN-2149-1
http://www.ubuntu.com/usn/USN-2149-2
https://bugzilla.gnome.org/show_bug.cgi?id=691708
http://en.securitylab.ru/lab/PT-2013-01
http://ftp.gnome.org/pub/GNOME/sources/librsvg/2.39/librsvg-2.39.0.changes
http://lists.opensuse.org/opensuse-security-announce/2015-10/msg00020.html
http://lists.opensuse.org/opensuse-updates/2013-11/msg00114.html
http://rhn.redhat.com/errata/RHSA-2014-0127.html
http://secunia.com/advisories/55088
http://www.ubuntu.com/usn/USN-2149-1
http://www.ubuntu.com/usn/USN-2149-2
https://bugzilla.gnome.org/show_bug.cgi?id=691708