VDB
CVE-2018-1000041
CVE-2018-1000041
PUBLISHED
CVSS 4.300000190734863 MEDIUM
GNOME librsvg version before commit c6ddf2ed4d768fd88adbea2b63f575cd523022ea contains a Improper input validation vulnerability in rsvg-io.c that can result in the victim's Windows username and NTLM password hash being leaked to remote attackers through SMB. This attack appear to be exploitable via The victim must process a specially crafted SVG file containing an UNC path on Windows.
EPSS 0.65% · 71.1th percentile
Risk Scores
CVSS 2.0
4.300000190734863
EPSS Score
0.65%
71.1th percentile
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| gnome | librsvg | 0 |
| debian | debian_linux | 7.0 |
| n/a | n/a | n/a |
Timeline
- Feb 9, 2018 CVE Published
- Apr 14, 2021 EPSS Score
- Jun 23, 2021 EPSS Score
- Aug 24, 2021 EPSS Score
- Oct 26, 2021 EPSS Score
- Dec 27, 2021 EPSS Score
- Feb 28, 2022 EPSS Score
- May 2, 2022 EPSS Score
- Jul 3, 2022 EPSS Score
- Sep 5, 2022 EPSS Score
- Nov 6, 2022 EPSS Score
- Jan 8, 2023 EPSS Score
References
- https://github.com/ImageMagick/librsvg/commit/f9d69eadd2b16b00d1a1f9f286122123f8e547dd url
- https://github.com/GNOME/librsvg/commit/c6ddf2ed4d768fd88adbea2b63f575cd523022ea url
- [debian-lts-announce] 20180212 [SECURITY] [DLA 1278-1] librsvg security update mailing-list
- https://nvd.nist.gov/vuln/detail/CVE-2018-1000041 advisory