Home

CVE-2018-1000041

Description

GNOME librsvg version before commit c6ddf2ed4d768fd88adbea2b63f575cd523022ea contains a Improper input validation vulnerability in rsvg-io.c that can result in the victims Windows username and NTLM password hash being leaked to remote attackers through SMB. This attack appear to be exploitable via The victim must process a specially crafted SVG file containing an UNC path on Windows.

Risk Information

Base Score
8.8
MODERATE
Vector
CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
EPSS Score
Exploitation Probability
0.645

Associated Vulnerability

VulnerabilityOS Platform
SUSE-SU-2018:1288-1(SUSE Linux Enterprise Desktop 12-SP3 ) gdk-pixbuf-loader-rsvg-2.40.20-5.6.1.x86_64.rpmLinux
SUSE-SU-2018:1288-1(SUSE Linux Enterprise Desktop 12-SP3 ) gdk-pixbuf-loader-rsvg-debuginfo-2.40.20-5.6.1.x86_64.rpmLinux
SUSE-SU-2018:1288-1(SUSE Linux Enterprise Desktop 12-SP3 ) librsvg-2-2-2.40.20-5.6.1.x86_64.rpmLinux
SUSE-SU-2018:1288-1(SUSE Linux Enterprise Desktop 12-SP3 ) librsvg-2-2-32bit-2.40.20-5.6.1.x86_64.rpmLinux
SUSE-SU-2018:1288-1(SUSE Linux Enterprise Desktop 12-SP3 ) librsvg-2-2-debuginfo-2.40.20-5.6.1.x86_64.rpmLinux
SUSE-SU-2018:1288-1(SUSE Linux Enterprise Desktop 12-SP3 ) librsvg-2-2-debuginfo-32bit-2.40.20-5.6.1.x86_64.rpmLinux
SUSE-SU-2018:1288-1(SUSE Linux Enterprise Desktop 12-SP3 ) librsvg-debugsource-2.40.20-5.6.1.x86_64.rpmLinux
SUSE-SU-2018:1288-1(SUSE Linux Enterprise Desktop 12-SP3 ) rsvg-view-2.40.20-5.6.1.x86_64.rpmLinux
SUSE-SU-2018:1288-1(SUSE Linux Enterprise Desktop 12-SP3 ) rsvg-view-debuginfo-2.40.20-5.6.1.x86_64.rpmLinux

Patch Details

No records found

References

https://nvd.nist.gov/vuln/detail/CVE-2023-1234
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-1234