{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2013-01-14T00:00:00", "descriptions": [{"lang": "en", "value": "GNOME libsvg before 2.39.0 allows remote attackers to read arbitrary files via an XML document containing an external entity declaration in conjunction with an entity reference, related to an XML External Entity (XXE) issue."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2016-12-06T18:57:01", "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "shortName": "redhat"}, "references": [{"tags": ["x_refsource_CONFIRM"], "url": "http://ftp.gnome.org/pub/GNOME/sources/librsvg/2.39/librsvg-2.39.0.changes"}, {"tags": ["x_refsource_CONFIRM"], "url": "https://bugzilla.gnome.org/show_bug.cgi?id=691708"}, {"name": "55088", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/55088"}, {"name": "USN-2149-1", "tags": ["vendor-advisory", "x_refsource_UBUNTU"], "url": "http://www.ubuntu.com/usn/USN-2149-1"}, {"name": "RHSA-2014:0127", "tags": ["vendor-advisory", "x_refsource_REDHAT"], "url": "http://rhn.redhat.com/errata/RHSA-2014-0127.html"}, {"tags": ["x_refsource_MISC"], "url": "http://en.securitylab.ru/lab/PT-2013-01"}, {"name": "openSUSE-SU-2013:1786", "tags": ["vendor-advisory", "x_refsource_SUSE"], "url": "http://lists.opensuse.org/opensuse-updates/2013-11/msg00114.html"}, {"name": "SUSE-SU-2015:1785", "tags": ["vendor-advisory", "x_refsource_SUSE"], "url": "http://lists.opensuse.org/opensuse-security-announce/2015-10/msg00020.html"}, {"name": "USN-2149-2", "tags": ["vendor-advisory", "x_refsource_UBUNTU"], "url": "http://www.ubuntu.com/usn/USN-2149-2"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "secalert@redhat.com", "ID": "CVE-2013-1881", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "GNOME libsvg before 2.39.0 allows remote attackers to read arbitrary files via an XML document containing an external entity declaration in conjunction with an entity reference, related to an XML External Entity (XXE) issue."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "http://ftp.gnome.org/pub/GNOME/sources/librsvg/2.39/librsvg-2.39.0.changes", "refsource": "CONFIRM", "url": "http://ftp.gnome.org/pub/GNOME/sources/librsvg/2.39/librsvg-2.39.0.changes"}, {"name": "https://bugzilla.gnome.org/show_bug.cgi?id=691708", "refsource": "CONFIRM", "url": "https://bugzilla.gnome.org/show_bug.cgi?id=691708"}, {"name": "55088", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/55088"}, {"name": "USN-2149-1", "refsource": "UBUNTU", "url": "http://www.ubuntu.com/usn/USN-2149-1"}, {"name": "RHSA-2014:0127", "refsource": "REDHAT", "url": "http://rhn.redhat.com/errata/RHSA-2014-0127.html"}, {"name": "http://en.securitylab.ru/lab/PT-2013-01", "refsource": "MISC", "url": "http://en.securitylab.ru/lab/PT-2013-01"}, {"name": "openSUSE-SU-2013:1786", "refsource": "SUSE", "url": "http://lists.opensuse.org/opensuse-updates/2013-11/msg00114.html"}, {"name": "SUSE-SU-2015:1785", "refsource": "SUSE", "url": "http://lists.opensuse.org/opensuse-security-announce/2015-10/msg00020.html"}, {"name": "USN-2149-2", "refsource": "UBUNTU", "url": "http://www.ubuntu.com/usn/USN-2149-2"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-06T15:20:36.945Z"}, "title": "CVE Program Container", "references": [{"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "http://ftp.gnome.org/pub/GNOME/sources/librsvg/2.39/librsvg-2.39.0.changes"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://bugzilla.gnome.org/show_bug.cgi?id=691708"}, {"name": "55088", "tags": ["third-party-advisory", "x_refsource_SECUNIA", "x_transferred"], "url": "http://secunia.com/advisories/55088"}, {"name": "USN-2149-1", "tags": ["vendor-advisory", "x_refsource_UBUNTU", "x_transferred"], "url": "http://www.ubuntu.com/usn/USN-2149-1"}, {"name": "RHSA-2014:0127", "tags": ["vendor-advisory", "x_refsource_REDHAT", "x_transferred"], "url": "http://rhn.redhat.com/errata/RHSA-2014-0127.html"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "http://en.securitylab.ru/lab/PT-2013-01"}, {"name": "openSUSE-SU-2013:1786", "tags": ["vendor-advisory", "x_refsource_SUSE", "x_transferred"], "url": "http://lists.opensuse.org/opensuse-updates/2013-11/msg00114.html"}, {"name": "SUSE-SU-2015:1785", "tags": ["vendor-advisory", "x_refsource_SUSE", "x_transferred"], "url": "http://lists.opensuse.org/opensuse-security-announce/2015-10/msg00020.html"}, {"name": "USN-2149-2", "tags": ["vendor-advisory", "x_refsource_UBUNTU", "x_transferred"], "url": "http://www.ubuntu.com/usn/USN-2149-2"}]}]}, "cveMetadata": {"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "assignerShortName": "redhat", "cveId": "CVE-2013-1881", "datePublished": "2013-10-10T00:00:00", "dateReserved": "2013-02-19T00:00:00", "dateUpdated": "2024-08-06T15:20:36.945Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:gnome:librsvg:*:*:*:*:*:*:*:*", "matchCriteriaId": "26304CB1-170F-4BB7-ACC4-2C41C7B0660B", "versionEndIncluding": "2.37.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:gnome:librsvg:1.0.0:*:*:*:*:*:*:*", "matchCriteriaId": "0AE8621C-7623-490B-9D21-811DF3F16449", "vulnerable": true}, {"criteria": "cpe:2.3:a:gnome:librsvg:1.0.1:*:*:*:*:*:*:*", "matchCriteriaId": "CD6B4565-0EF5-4A51-A7AA-87A8DA10D5D7", "vulnerable": true}, {"criteria": "cpe:2.3:a:gnome:librsvg:1.0.2:*:*:*:*:*:*:*", "matchCriteriaId": "BCDFC87F-C7BC-49C7-900F-B7AFC38F415D", "vulnerable": true}, {"criteria": "cpe:2.3:a:gnome:librsvg:1.0.3:*:*:*:*:*:*:*", "matchCriteriaId": "0EBC2319-4523-4117-9576-DE4D46B641D4", "vulnerable": true}, {"criteria": "cpe:2.3:a:gnome:librsvg:1.1.1:*:*:*:*:*:*:*", "matchCriteriaId": "E601BF04-E60B-4934-AB7C-C9CBBD1C47EE", "vulnerable": true}, {"criteria": "cpe:2.3:a:gnome:librsvg:1.1.2:*:*:*:*:*:*:*", "matchCriteriaId": "4DC8DCA5-B200-4D79-BD6B-2D16C08D532D", "vulnerable": true}, {"criteria": "cpe:2.3:a:gnome:librsvg:1.1.3:*:*:*:*:*:*:*", "matchCriteriaId": "CE19C8F6-0376-4573-A6BA-BEB428EA4028", "vulnerable": true}, {"criteria": "cpe:2.3:a:gnome:librsvg:1.1.4:*:*:*:*:*:*:*", "matchCriteriaId": "FCA33041-FFB6-4B1C-97B7-CED775F34F03", "vulnerable": true}, {"criteria": "cpe:2.3:a:gnome:librsvg:1.1.5:*:*:*:*:*:*:*", "matchCriteriaId": "1744D33B-982B-4828-B32E-7CA16F4A7035", "vulnerable": true}, {"criteria": "cpe:2.3:a:gnome:librsvg:1.1.6:*:*:*:*:*:*:*", "matchCriteriaId": "5C869BD4-C9CC-438F-B6B0-810124E9D088", "vulnerable": true}, {"criteria": "cpe:2.3:a:gnome:librsvg:2.0.0:*:*:*:*:*:*:*", "matchCriteriaId": "266E38C8-F46A-45BA-BDCE-C2D3AFD1F430", "vulnerable": true}, {"criteria": "cpe:2.3:a:gnome:librsvg:2.0.1:*:*:*:*:*:*:*", "matchCriteriaId": "E5D794A4-4CE4-47FE-9652-26609C5062AB", "vulnerable": true}, {"criteria": "cpe:2.3:a:gnome:librsvg:2.1.0:*:*:*:*:*:*:*", "matchCriteriaId": "D73ECCB1-56AA-49D4-A8CA-2C25763E64E0", "vulnerable": true}, {"criteria": "cpe:2.3:a:gnome:librsvg:2.1.1:*:*:*:*:*:*:*", "matchCriteriaId": "216AA4FD-69FE-4EB7-8158-F5A8E374FF15", "vulnerable": true}, {"criteria": "cpe:2.3:a:gnome:librsvg:2.1.2:*:*:*:*:*:*:*", "matchCriteriaId": "C9F910E2-A2D7-4F80-97C4-56FB5CD8B4E0", "vulnerable": true}, {"criteria": "cpe:2.3:a:gnome:librsvg:2.1.3:*:*:*:*:*:*:*", "matchCriteriaId": "1840D7DD-B432-4163-BB71-4823E3CDC85B", "vulnerable": true}, {"criteria": "cpe:2.3:a:gnome:librsvg:2.1.4:*:*:*:*:*:*:*", "matchCriteriaId": "BD9E5A31-7893-457B-855D-7BB8CC87C7F2", "vulnerable": true}, {"criteria": "cpe:2.3:a:gnome:librsvg:2.1.5:*:*:*:*:*:*:*", "matchCriteriaId": "B09E7A94-7787-403A-A27A-B9CCF9DF2665", "vulnerable": true}, {"criteria": "cpe:2.3:a:gnome:librsvg:2.2.0:*:*:*:*:*:*:*", "matchCriteriaId": "6FDE362B-7533-4144-8A65-C3844E67679E", "vulnerable": true}, {"criteria": "cpe:2.3:a:gnome:librsvg:2.2.1:*:*:*:*:*:*:*", "matchCriteriaId": "07C7CFCD-ABC5-48B9-B26A-CB0F6FC899E6", "vulnerable": true}, {"criteria": "cpe:2.3:a:gnome:librsvg:2.2.2:*:*:*:*:*:*:*", "matchCriteriaId": "6B683DD7-EBCF-4177-89D9-3652814D060E", "vulnerable": true}, {"criteria": "cpe:2.3:a:gnome:librsvg:2.2.3:*:*:*:*:*:*:*", "matchCriteriaId": "FF5F053B-D848-45D2-A146-1D03994DD71A", "vulnerable": true}, {"criteria": "cpe:2.3:a:gnome:librsvg:2.2.4:*:*:*:*:*:*:*", "matchCriteriaId": "20B31AF4-CE09-4EBB-AD94-B0EC6C677923", "vulnerable": true}, {"criteria": "cpe:2.3:a:gnome:librsvg:2.2.5:*:*:*:*:*:*:*", "matchCriteriaId": "9375B30F-4A96-4605-A681-D950D328768F", "vulnerable": true}, {"criteria": "cpe:2.3:a:gnome:librsvg:2.3.0:*:*:*:*:*:*:*", "matchCriteriaId": "76299D97-DE2A-4903-9D9C-D2A046A11CDD", "vulnerable": true}, {"criteria": "cpe:2.3:a:gnome:librsvg:2.3.1:*:*:*:*:*:*:*", "matchCriteriaId": "AA48437A-D16D-404C-A8C4-60F7AC13A920", "vulnerable": true}, {"criteria": "cpe:2.3:a:gnome:librsvg:2.11.0:*:*:*:*:*:*:*", "matchCriteriaId": "E919CDC2-B700-4C07-BB78-EA222510BB54", "vulnerable": true}, {"criteria": "cpe:2.3:a:gnome:librsvg:2.11.1:*:*:*:*:*:*:*", "matchCriteriaId": "31E73EAB-E963-4D45-8F35-27D11B0629F7", "vulnerable": true}, {"criteria": "cpe:2.3:a:gnome:librsvg:2.12.0:*:*:*:*:*:*:*", "matchCriteriaId": "3430BCCC-1C58-4216-ACEF-96A6EAA0EEBD", "vulnerable": true}, {"criteria": "cpe:2.3:a:gnome:librsvg:2.12.1:*:*:*:*:*:*:*", "matchCriteriaId": "363AF753-AC74-4864-9339-B1C538F5EDA8", "vulnerable": true}, {"criteria": "cpe:2.3:a:gnome:librsvg:2.12.2:*:*:*:*:*:*:*", "matchCriteriaId": "DEAF665D-717D-4372-AE9D-9CBF5A17EB06", "vulnerable": true}, {"criteria": "cpe:2.3:a:gnome:librsvg:2.12.3:*:*:*:*:*:*:*", "matchCriteriaId": "6EC683BC-EB87-4460-85CF-B63E1F92910A", "vulnerable": true}, {"criteria": "cpe:2.3:a:gnome:librsvg:2.12.4:*:*:*:*:*:*:*", "matchCriteriaId": "7C006D30-AAC5-4754-ACF9-7497D04A9F16", "vulnerable": true}, {"criteria": "cpe:2.3:a:gnome:librsvg:2.12.5:*:*:*:*:*:*:*", "matchCriteriaId": "E0A5FC53-E928-455C-A14F-E92DDCCA246B", "vulnerable": true}, {"criteria": "cpe:2.3:a:gnome:librsvg:2.12.6:*:*:*:*:*:*:*", "matchCriteriaId": "2E070609-EF93-4D8F-9B84-1F2774D164BB", "vulnerable": true}, {"criteria": "cpe:2.3:a:gnome:librsvg:2.12.7:*:*:*:*:*:*:*", "matchCriteriaId": "244ABB72-D70B-4A2F-9D9C-9D4C475C7196", "vulnerable": true}, {"criteria": "cpe:2.3:a:gnome:librsvg:2.13.0:*:*:*:*:*:*:*", "matchCriteriaId": "65B06C1F-DB76-42B0-B0E5-63A99443B63E", "vulnerable": true}, {"criteria": "cpe:2.3:a:gnome:librsvg:2.13.1:*:*:*:*:*:*:*", "matchCriteriaId": "547E3592-8406-4968-8C88-568A03427FCE", "vulnerable": true}, {"criteria": "cpe:2.3:a:gnome:librsvg:2.13.2:*:*:*:*:*:*:*", "matchCriteriaId": "7FB71338-9C68-4175-A1A5-8CA553C622B8", "vulnerable": true}, {"criteria": "cpe:2.3:a:gnome:librsvg:2.13.3:*:*:*:*:*:*:*", "matchCriteriaId": "A06E96E4-6C3C-4512-AA6A-9473D66078BA", "vulnerable": true}, {"criteria": "cpe:2.3:a:gnome:librsvg:2.13.4:*:*:*:*:*:*:*", "matchCriteriaId": "1EF5B89F-6B83-42E4-B2F3-0DAD12EB3869", "vulnerable": true}, {"criteria": "cpe:2.3:a:gnome:librsvg:2.13.5:*:*:*:*:*:*:*", "matchCriteriaId": "44F907B2-8725-4B4F-A8FB-011171BB3990", "vulnerable": true}, {"criteria": "cpe:2.3:a:gnome:librsvg:2.13.90:*:*:*:*:*:*:*", "matchCriteriaId": "AACF0476-3E57-4F20-8C86-8B7DC2AB8308", "vulnerable": true}, {"criteria": "cpe:2.3:a:gnome:librsvg:2.13.91:*:*:*:*:*:*:*", "matchCriteriaId": "09900C61-BD02-47A3-9984-7C1A6ADCACFF", "vulnerable": true}, {"criteria": "cpe:2.3:a:gnome:librsvg:2.13.92:*:*:*:*:*:*:*", "matchCriteriaId": "8AFA0301-C1D6-419F-8E3D-DF754AD8F57B", "vulnerable": true}, {"criteria": "cpe:2.3:a:gnome:librsvg:2.13.93:*:*:*:*:*:*:*", "matchCriteriaId": "40348F23-9272-4538-8EAD-E91D33724978", "vulnerable": true}, {"criteria": "cpe:2.3:a:gnome:librsvg:2.14.0:*:*:*:*:*:*:*", "matchCriteriaId": "D1CF3682-8D71-492F-A0D9-D8FD45C91155", "vulnerable": true}, {"criteria": "cpe:2.3:a:gnome:librsvg:2.14.1:*:*:*:*:*:*:*", "matchCriteriaId": "629A1196-F5FD-405A-8553-9F5DFE7CE877", "vulnerable": true}, {"criteria": "cpe:2.3:a:gnome:librsvg:2.14.2:*:*:*:*:*:*:*", "matchCriteriaId": "7DA22214-85FC-4246-AA76-A64EEDDCA5FC", "vulnerable": true}, {"criteria": "cpe:2.3:a:gnome:librsvg:2.14.3:*:*:*:*:*:*:*", "matchCriteriaId": "1CD34C2F-593E-4CE2-8D2E-1603E583A041", "vulnerable": true}, {"criteria": "cpe:2.3:a:gnome:librsvg:2.14.4:*:*:*:*:*:*:*", "matchCriteriaId": "F18E6DF0-9BFF-4A80-8555-14247486D54A", "vulnerable": true}, {"criteria": "cpe:2.3:a:gnome:librsvg:2.15.0:*:*:*:*:*:*:*", "matchCriteriaId": "795B9E0B-83EC-475B-A256-07D34B727F72", "vulnerable": true}, {"criteria": "cpe:2.3:a:gnome:librsvg:2.15.90:*:*:*:*:*:*:*", "matchCriteriaId": "D6B1E760-8A04-463F-8A7B-ED7DF40409FA", "vulnerable": true}, {"criteria": "cpe:2.3:a:gnome:librsvg:2.16.0:*:*:*:*:*:*:*", "matchCriteriaId": "3972F675-A33A-481E-B81C-F89391076A9E", "vulnerable": true}, {"criteria": "cpe:2.3:a:gnome:librsvg:2.16.1:*:*:*:*:*:*:*", "matchCriteriaId": "CFAB1943-EF01-4701-B264-86438F255A26", "vulnerable": true}, {"criteria": "cpe:2.3:a:gnome:librsvg:2.18.0:*:*:*:*:*:*:*", "matchCriteriaId": "172E415B-79D3-4C4D-9E40-39341F5A55F1", "vulnerable": true}, {"criteria": "cpe:2.3:a:gnome:librsvg:2.18.1:*:*:*:*:*:*:*", "matchCriteriaId": "46AC7BB2-A0FF-44E0-B0DD-1D791E0D4675", "vulnerable": true}, {"criteria": "cpe:2.3:a:gnome:librsvg:2.18.2:*:*:*:*:*:*:*", "matchCriteriaId": "5BAA1B43-0F64-4624-934A-AADEC07B722F", "vulnerable": true}, {"criteria": "cpe:2.3:a:gnome:librsvg:2.20.0:*:*:*:*:*:*:*", "matchCriteriaId": "486D36E1-9E72-4745-87B4-7136213C2513", "vulnerable": true}, {"criteria": "cpe:2.3:a:gnome:librsvg:2.22.0:*:*:*:*:*:*:*", "matchCriteriaId": "28AFE066-30F6-4363-85C0-979EF50F62B8", "vulnerable": true}, {"criteria": "cpe:2.3:a:gnome:librsvg:2.22.1:*:*:*:*:*:*:*", "matchCriteriaId": "89343DD0-52FB-4FD7-BAA7-8CA1F3A22E7E", "vulnerable": true}, {"criteria": "cpe:2.3:a:gnome:librsvg:2.22.2:*:*:*:*:*:*:*", "matchCriteriaId": "DE43462F-C349-4B9B-B584-3F809A424039", "vulnerable": true}, {"criteria": "cpe:2.3:a:gnome:librsvg:2.22.3:*:*:*:*:*:*:*", "matchCriteriaId": "B9726FDA-07C1-4D00-B8D1-ED8DB2418B2C", "vulnerable": true}, {"criteria": "cpe:2.3:a:gnome:librsvg:2.26.0:*:*:*:*:*:*:*", "matchCriteriaId": "C3F0F857-F413-4306-80F9-1E9774F2589B", "vulnerable": true}, {"criteria": "cpe:2.3:a:gnome:librsvg:2.26.1:*:*:*:*:*:*:*", "matchCriteriaId": "6DCA0DDF-4DB0-4BE0-B8F6-D8D32242CCDC", "vulnerable": true}, {"criteria": "cpe:2.3:a:gnome:librsvg:2.26.2:*:*:*:*:*:*:*", "matchCriteriaId": "BCA5D13A-310A-4E16-BFE8-E32E85A7ADE1", "vulnerable": true}, {"criteria": "cpe:2.3:a:gnome:librsvg:2.26.3:*:*:*:*:*:*:*", "matchCriteriaId": "D9293893-2EC2-485C-9B18-CE83511E5676", "vulnerable": true}, {"criteria": "cpe:2.3:a:gnome:librsvg:2.31.0:*:*:*:*:*:*:*", "matchCriteriaId": "B9D87757-8277-4B73-8ACD-D31B742964F7", "vulnerable": true}, {"criteria": "cpe:2.3:a:gnome:librsvg:2.32.0:*:*:*:*:*:*:*", "matchCriteriaId": "31472960-B23C-44D5-913A-2DBFE4284FD6", "vulnerable": true}, {"criteria": "cpe:2.3:a:gnome:librsvg:2.32.1:*:*:*:*:*:*:*", "matchCriteriaId": "5B059ACC-5FE7-4E98-8842-A7CF853C749E", "vulnerable": true}, {"criteria": "cpe:2.3:a:gnome:librsvg:2.34.0:*:*:*:*:*:*:*", "matchCriteriaId": "9F2E0A2E-2B24-4A9E-A9A9-A50CE340B977", "vulnerable": true}, {"criteria": "cpe:2.3:a:gnome:librsvg:2.34.1:*:*:*:*:*:*:*", "matchCriteriaId": "D6084AB6-9E7C-4F6C-B9F0-4CD1C334C208", "vulnerable": true}, {"criteria": "cpe:2.3:a:gnome:librsvg:2.34.2:*:*:*:*:*:*:*", "matchCriteriaId": "E2048467-D0DD-4C35-BF7C-A1AD6733940D", "vulnerable": true}, {"criteria": "cpe:2.3:a:gnome:librsvg:2.35.0:*:*:*:*:*:*:*", "matchCriteriaId": "D7127598-FAD7-498D-A358-70B61166CD19", "vulnerable": true}, {"criteria": "cpe:2.3:a:gnome:librsvg:2.35.1:*:*:*:*:*:*:*", "matchCriteriaId": "90EC129F-DBC0-4252-956F-3EB743E9869D", "vulnerable": true}, {"criteria": "cpe:2.3:a:gnome:librsvg:2.35.2:*:*:*:*:*:*:*", "matchCriteriaId": "90FCC66E-9706-46EE-B94E-5B4F190778FF", "vulnerable": true}, {"criteria": "cpe:2.3:a:gnome:librsvg:2.36.0:*:*:*:*:*:*:*", "matchCriteriaId": "C6233ED5-D895-430B-92B9-96FE11B01862", "vulnerable": true}, {"criteria": "cpe:2.3:a:gnome:librsvg:2.36.1:*:*:*:*:*:*:*", "matchCriteriaId": "072E0C9A-3976-4092-BE16-B3276878512A", "vulnerable": true}, {"criteria": "cpe:2.3:a:gnome:librsvg:2.36.2:*:*:*:*:*:*:*", "matchCriteriaId": "8AD7F41B-8D57-49D8-8CB8-82FA1E4FCF79", "vulnerable": true}, {"criteria": "cpe:2.3:a:gnome:librsvg:2.36.3:*:*:*:*:*:*:*", "matchCriteriaId": "1B6B4A79-CAA2-4FDB-92BB-F512A4C3B91D", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "GNOME libsvg before 2.39.0 allows remote attackers to read arbitrary files via an XML document containing an external entity declaration in conjunction with an entity reference, related to an XML External Entity (XXE) issue."}, {"lang": "es", "value": "GNOME libsvg anterior a 2.39.0 permite a atancates remotos leer archivos arbitrarios a trav\u00e9s de documentos XML que contengan una declaraci\u00f3n de entidad externa en conjunci\u00f3n con una entidad referencia, relacionada con un problema en XML External Entity (XXE)."}], "id": "CVE-2013-1881", "lastModified": "2016-12-08T03:03:14.117", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 4.3, "confidentialityImpact": "PARTIAL", "integrityImpact": "NONE", "vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:N", "version": "2.0"}, "exploitabilityScore": 8.6, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true}]}, "published": "2013-10-10T00:55:03.773", "references": [{"source": "secalert@redhat.com", "url": "http://en.securitylab.ru/lab/PT-2013-01"}, {"source": "secalert@redhat.com", "url": "http://ftp.gnome.org/pub/GNOME/sources/librsvg/2.39/librsvg-2.39.0.changes"}, {"source": "secalert@redhat.com", "url": "http://lists.opensuse.org/opensuse-security-announce/2015-10/msg00020.html"}, {"source": "secalert@redhat.com", "url": "http://lists.opensuse.org/opensuse-updates/2013-11/msg00114.html"}, {"source": "secalert@redhat.com", "url": "http://rhn.redhat.com/errata/RHSA-2014-0127.html"}, {"source": "secalert@redhat.com", "tags": ["Vendor Advisory"], "url": "http://secunia.com/advisories/55088"}, {"source": "secalert@redhat.com", "url": "http://www.ubuntu.com/usn/USN-2149-1"}, {"source": "secalert@redhat.com", "url": "http://www.ubuntu.com/usn/USN-2149-2"}, {"source": "secalert@redhat.com", "url": "https://bugzilla.gnome.org/show_bug.cgi?id=691708"}], "sourceIdentifier": "secalert@redhat.com", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-20"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{"affected_release": [{"advisory": "RHSA-2014:0127", "cpe": "cpe:/o:redhat:enterprise_linux:6", "package": "librsvg2-0:2.26.0-6.el6_5.3", "product_name": "Red Hat Enterprise Linux 6", "release_date": "2014-02-03T00:00:00Z"}], "bugzilla": {"description": "librsvg2: local resource access vulnerability due to XML External Entity enablement", "id": "924414", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=924414"}, "csaw": false, "cvss": {"cvss_base_score": "4.3", "cvss_scoring_vector": "AV:N/AC:M/Au:N/C:P/I:N/A:N", "status": "verified"}, "details": ["GNOME libsvg before 2.39.0 allows remote attackers to read arbitrary files via an XML document containing an external entity declaration in conjunction with an entity reference, related to an XML External Entity (XXE) issue."], "name": "CVE-2013-1881", "package_state": [{"cpe": "cpe:/o:redhat:enterprise_linux:5", "fix_state": "Not affected", "package_name": "librsvg2", "product_name": "Red Hat Enterprise Linux 5"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Not affected", "package_name": "librsvg2", "product_name": "Red Hat Enterprise Linux 7"}], "public_date": "2013-08-17T00:00:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2013-1881\nhttps://nvd.nist.gov/vuln/detail/CVE-2013-1881"], "statement": "This issue did not affect the versions of librsvg2 as shipped with Red Hat Enterprise Linux 5.", "threat_severity": "Moderate", "upstream_fix": "librsvg2 2.39.0"}