VDB

GCVE-110-MAGEIA-2014-4

GCVE-110-MAGEIA-2014-4
Advisory Published
Vulnetix · Advisory published January 6, 2014
librsvg before version 2.39.0 allows remote attackers to read arbitrary files via an XML document containing an external entity declaration in conjunction with an entity reference (CVE-2013-1881). gtk+3.0 has been patched to cope with the changes in SVG loading due to the fix in librsvg.

Affected Products

VendorProductVersionsPlatforms
Mageiagtk+3.00 (affected), gtk+3.0-3.6.4-1.1.mga3 (unaffected), 0 (affected), gtk+3.0-3.6.4-1.1.mga3 (unaffected)
Mageialibrsvg0 (affected), 2.36.4-2.1.mga3 (unaffected), 2.36.4-2.1.mga3 (unaffected), 0 (affected)
Mageiaapache2.4.4-7.5.mga3 (unaffected), 0 (affected)

Explore Further

Investigate this vulnerability in the interactive console or download the raw GCVE record.

$ Console Community · 100/wk Open console ›