DEBIAN-CVE-2023-38633

DEBIAN-CVE-2023-38633 PUBLISHED CVSS 5.5 MEDIUM

A directory traversal problem in the URL decoder of librsvg before 2.56.3 could be used by local or remote attackers to disclose files (on the local filesystem outside of the expected area), as demonstrated by href=".?../../../../../../../../../../etc/passwd" in an xi:include element.

Risk Scores

CVSS 3.1
5.5
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

Affected Products

Vendor     Product  Versions
Debian:12  librsvg  *, *, 2.54.5+dfsg-2
Debian:14  librsvg  0, 0, 0
Debian:11  librsvg  2.50.3+dfsg, 0, *
Debian:13  librsvg  0, 0, 0

Timeline

  • Jul 22, 2023 CVE Published
  • Apr 28, 2026 CVE Updated