CVE-2013-1881 - Vulnerability Details

GNOME libsvg before 2.39.0 allows remote attackers to read arbitrary files via an XML document containing an external entity declaration in conjunction with an entity reference, related to an XML External Entity (XXE) issue.

No CVSS v4.0

No CVSS v3.1

No CVSS v3.0

Access Vector Network

Access Complexity Medium

Authentication None

Confidentiality Impact Partial

Integrity Impact None

Availability Impact None

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Gnome	Librsvg
Redhat	Enterprise Linux

Configuration 1 [-]

OR	cpe:2.3:a:gnome:librsvg::::::::
	cpe:2.3:a:gnome:librsvg:1.0.0:::::::*
	cpe:2.3:a:gnome:librsvg:1.0.1:::::::*
	cpe:2.3:a:gnome:librsvg:1.0.2:::::::*
	cpe:2.3:a:gnome:librsvg:1.0.3:::::::*
	cpe:2.3:a:gnome:librsvg:1.1.1:::::::*
	cpe:2.3:a:gnome:librsvg:1.1.2:::::::*
	cpe:2.3:a:gnome:librsvg:1.1.3:::::::*
	cpe:2.3:a:gnome:librsvg:1.1.4:::::::*
	cpe:2.3:a:gnome:librsvg:1.1.5:::::::*
	cpe:2.3:a:gnome:librsvg:1.1.6:::::::*
	cpe:2.3:a:gnome:librsvg:2.0.0:::::::*
	cpe:2.3:a:gnome:librsvg:2.0.1:::::::*
	cpe:2.3:a:gnome:librsvg:2.1.0:::::::*
	cpe:2.3:a:gnome:librsvg:2.1.1:::::::*
	cpe:2.3:a:gnome:librsvg:2.1.2:::::::*
	cpe:2.3:a:gnome:librsvg:2.1.3:::::::*
	cpe:2.3:a:gnome:librsvg:2.1.4:::::::*
	cpe:2.3:a:gnome:librsvg:2.1.5:::::::*
	cpe:2.3:a:gnome:librsvg:2.2.0:::::::*
	cpe:2.3:a:gnome:librsvg:2.2.1:::::::*
	cpe:2.3:a:gnome:librsvg:2.2.2:::::::*
	cpe:2.3:a:gnome:librsvg:2.2.3:::::::*
	cpe:2.3:a:gnome:librsvg:2.2.4:::::::*
	cpe:2.3:a:gnome:librsvg:2.2.5:::::::*
	cpe:2.3:a:gnome:librsvg:2.3.0:::::::*
	cpe:2.3:a:gnome:librsvg:2.3.1:::::::*
	cpe:2.3:a:gnome:librsvg:2.11.0:::::::*
	cpe:2.3:a:gnome:librsvg:2.11.1:::::::*
	cpe:2.3:a:gnome:librsvg:2.12.0:::::::*
	cpe:2.3:a:gnome:librsvg:2.12.1:::::::*
	cpe:2.3:a:gnome:librsvg:2.12.2:::::::*
	cpe:2.3:a:gnome:librsvg:2.12.3:::::::*
	cpe:2.3:a:gnome:librsvg:2.12.4:::::::*
	cpe:2.3:a:gnome:librsvg:2.12.5:::::::*
	cpe:2.3:a:gnome:librsvg:2.12.6:::::::*
	cpe:2.3:a:gnome:librsvg:2.12.7:::::::*
	cpe:2.3:a:gnome:librsvg:2.13.0:::::::*
	cpe:2.3:a:gnome:librsvg:2.13.1:::::::*
	cpe:2.3:a:gnome:librsvg:2.13.2:::::::*
	cpe:2.3:a:gnome:librsvg:2.13.3:::::::*
	cpe:2.3:a:gnome:librsvg:2.13.4:::::::*
	cpe:2.3:a:gnome:librsvg:2.13.5:::::::*
	cpe:2.3:a:gnome:librsvg:2.13.90:::::::*
	cpe:2.3:a:gnome:librsvg:2.13.91:::::::*
	cpe:2.3:a:gnome:librsvg:2.13.92:::::::*
	cpe:2.3:a:gnome:librsvg:2.13.93:::::::*
	cpe:2.3:a:gnome:librsvg:2.14.0:::::::*
	cpe:2.3:a:gnome:librsvg:2.14.1:::::::*
	cpe:2.3:a:gnome:librsvg:2.14.2:::::::*
	cpe:2.3:a:gnome:librsvg:2.14.3:::::::*
	cpe:2.3:a:gnome:librsvg:2.14.4:::::::*
	cpe:2.3:a:gnome:librsvg:2.15.0:::::::*
	cpe:2.3:a:gnome:librsvg:2.15.90:::::::*
	cpe:2.3:a:gnome:librsvg:2.16.0:::::::*
	cpe:2.3:a:gnome:librsvg:2.16.1:::::::*
	cpe:2.3:a:gnome:librsvg:2.18.0:::::::*
	cpe:2.3:a:gnome:librsvg:2.18.1:::::::*
	cpe:2.3:a:gnome:librsvg:2.18.2:::::::*
	cpe:2.3:a:gnome:librsvg:2.20.0:::::::*
	cpe:2.3:a:gnome:librsvg:2.22.0:::::::*
	cpe:2.3:a:gnome:librsvg:2.22.1:::::::*
	cpe:2.3:a:gnome:librsvg:2.22.2:::::::*
	cpe:2.3:a:gnome:librsvg:2.22.3:::::::*
cpe:2.3:a:gnome:librsvg:2.26.0:::::::*
cpe:2.3:a:gnome:librsvg:2.26.1:::::::*
cpe:2.3:a:gnome:librsvg:2.26.2:::::::*
cpe:2.3:a:gnome:librsvg:2.26.3:::::::*
cpe:2.3:a:gnome:librsvg:2.31.0:::::::*
cpe:2.3:a:gnome:librsvg:2.32.0:::::::*
cpe:2.3:a:gnome:librsvg:2.32.1:::::::*
cpe:2.3:a:gnome:librsvg:2.34.0:::::::*
cpe:2.3:a:gnome:librsvg:2.34.1:::::::*
cpe:2.3:a:gnome:librsvg:2.34.2:::::::*
cpe:2.3:a:gnome:librsvg:2.35.0:::::::*
cpe:2.3:a:gnome:librsvg:2.35.1:::::::*
cpe:2.3:a:gnome:librsvg:2.35.2:::::::*
cpe:2.3:a:gnome:librsvg:2.36.0:::::::*
cpe:2.3:a:gnome:librsvg:2.36.1:::::::*
cpe:2.3:a:gnome:librsvg:2.36.2:::::::*
cpe:2.3:a:gnome:librsvg:2.36.3:::::::*

Package	CPE	Advisory	Released Date
Red Hat Enterprise Linux 6
librsvg2-0:2.26.0-6.el6_5.3	cpe:/o:redhat:enterprise_linux:6	RHSA-2014:0127	2014-02-03T00:00:00Z

References

Link	Providers
http://en.securitylab.ru/lab/PT-2013-01
http://ftp.gnome.org/pub/GNOME/sources/librsvg/2.39/librsvg-2.39.0.changes
http://lists.opensuse.org/opensuse-security-announce/2015-10/msg00020.html
http://lists.opensuse.org/opensuse-updates/2013-11/msg00114.html
http://rhn.redhat.com/errata/RHSA-2014-0127.html
http://secunia.com/advisories/55088
http://www.ubuntu.com/usn/USN-2149-1
http://www.ubuntu.com/usn/USN-2149-2
https://bugzilla.gnome.org/show_bug.cgi?id=691708
https://nvd.nist.gov/vuln/detail/CVE-2013-1881
https://www.cve.org/CVERecord?id=CVE-2013-1881

History

No history.

MITRE

Status: PUBLISHED

Assigner: redhat

Published: 2013-10-10T00:00:00

Updated: 2024-08-06T15:20:36.945Z

Reserved: 2013-02-19T00:00:00

Link: CVE-2013-1881

Vulnrichment

No data.

NVD

Status : Deferred

Published: 2013-10-10T00:55:03.773

Modified: 2025-04-11T00:51:21.963

Link: CVE-2013-1881

Redhat

Severity : Moderate

Publid Date: 2013-08-17T00:00:00Z

Links: CVE-2013-1881 - Bugzilla

{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2013-01-14T00:00:00", "descriptions": [{"lang": "en", "value": "GNOME libsvg before 2.39.0 allows remote attackers to read arbitrary files via an XML document containing an external entity declaration in conjunction with an entity reference, related to an XML External Entity (XXE) issue."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2016-12-06T18:57:01", "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "shortName": "redhat"}, "references": [{"tags": ["x_refsource_CONFIRM"], "url": "http://ftp.gnome.org/pub/GNOME/sources/librsvg/2.39/librsvg-2.39.0.changes"}, {"tags": ["x_refsource_CONFIRM"], "url": "https://bugzilla.gnome.org/show_bug.cgi?id=691708"}, {"name": "55088", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/55088"}, {"name": "USN-2149-1", "tags": ["vendor-advisory", "x_refsource_UBUNTU"], "url": "http://www.ubuntu.com/usn/USN-2149-1"}, {"name": "RHSA-2014:0127", "tags": ["vendor-advisory", "x_refsource_REDHAT"], "url": "http://rhn.redhat.com/errata/RHSA-2014-0127.html"}, {"tags": ["x_refsource_MISC"], "url": "http://en.securitylab.ru/lab/PT-2013-01"}, {"name": "openSUSE-SU-2013:1786", "tags": ["vendor-advisory", "x_refsource_SUSE"], "url": "http://lists.opensuse.org/opensuse-updates/2013-11/msg00114.html"}, {"name": "SUSE-SU-2015:1785", "tags": ["vendor-advisory", "x_refsource_SUSE"], "url": "http://lists.opensuse.org/opensuse-security-announce/2015-10/msg00020.html"}, {"name": "USN-2149-2", "tags": ["vendor-advisory", "x_refsource_UBUNTU"], "url": "http://www.ubuntu.com/usn/USN-2149-2"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "secalert@redhat.com", "ID": "CVE-2013-1881", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "GNOME libsvg before 2.39.0 allows remote attackers to read arbitrary files via an XML document containing an external entity declaration in conjunction with an entity reference, related to an XML External Entity (XXE) issue."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "http://ftp.gnome.org/pub/GNOME/sources/librsvg/2.39/librsvg-2.39.0.changes", "refsource": "CONFIRM", "url": "http://ftp.gnome.org/pub/GNOME/sources/librsvg/2.39/librsvg-2.39.0.changes"}, {"name": "https://bugzilla.gnome.org/show_bug.cgi?id=691708", "refsource": "CONFIRM", "url": "https://bugzilla.gnome.org/show_bug.cgi?id=691708"}, {"name": "55088", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/55088"}, {"name": "USN-2149-1", "refsource": "UBUNTU", "url": "http://www.ubuntu.com/usn/USN-2149-1"}, {"name": "RHSA-2014:0127", "refsource": "REDHAT", "url": "http://rhn.redhat.com/errata/RHSA-2014-0127.html"}, {"name": "http://en.securitylab.ru/lab/PT-2013-01", "refsource": "MISC", "url": "http://en.securitylab.ru/lab/PT-2013-01"}, {"name": "openSUSE-SU-2013:1786", "refsource": "SUSE", "url": "http://lists.opensuse.org/opensuse-updates/2013-11/msg00114.html"}, {"name": "SUSE-SU-2015:1785", "refsource": "SUSE", "url": "http://lists.opensuse.org/opensuse-security-announce/2015-10/msg00020.html"}, {"name": "USN-2149-2", "refsource": "UBUNTU", "url": "http://www.ubuntu.com/usn/USN-2149-2"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-06T15:20:36.945Z"}, "title": "CVE Program Container", "references": [{"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "http://ftp.gnome.org/pub/GNOME/sources/librsvg/2.39/librsvg-2.39.0.changes"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://bugzilla.gnome.org/show_bug.cgi?id=691708"}, {"name": "55088", "tags": ["third-party-advisory", "x_refsource_SECUNIA", "x_transferred"], "url": "http://secunia.com/advisories/55088"}, {"name": "USN-2149-1", "tags": ["vendor-advisory", "x_refsource_UBUNTU", "x_transferred"], "url": "http://www.ubuntu.com/usn/USN-2149-1"}, {"name": "RHSA-2014:0127", "tags": ["vendor-advisory", "x_refsource_REDHAT", "x_transferred"], "url": "http://rhn.redhat.com/errata/RHSA-2014-0127.html"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "http://en.securitylab.ru/lab/PT-2013-01"}, {"name": "openSUSE-SU-2013:1786", "tags": ["vendor-advisory", "x_refsource_SUSE", "x_transferred"], "url": "http://lists.opensuse.org/opensuse-updates/2013-11/msg00114.html"}, {"name": "SUSE-SU-2015:1785", "tags": ["vendor-advisory", "x_refsource_SUSE", "x_transferred"], "url": "http://lists.opensuse.org/opensuse-security-announce/2015-10/msg00020.html"}, {"name": "USN-2149-2", "tags": ["vendor-advisory", "x_refsource_UBUNTU", "x_transferred"], "url": "http://www.ubuntu.com/usn/USN-2149-2"}]}]}, "cveMetadata": {"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "assignerShortName": "redhat", "cveId": "CVE-2013-1881", "datePublished": "2013-10-10T00:00:00", "dateReserved": "2013-02-19T00:00:00", "dateUpdated": "2024-08-06T15:20:36.945Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:gnome:librsvg:*:*:*:*:*:*:*:*", "matchCriteriaId": "26304CB1-170F-4BB7-ACC4-2C41C7B0660B", "versionEndIncluding": "2.37.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:gnome:librsvg:1.0.0:*:*:*:*:*:*:*", "matchCriteriaId": "0AE8621C-7623-490B-9D21-811DF3F16449", "vulnerable": true}, {"criteria": "cpe:2.3:a:gnome:librsvg:1.0.1:*:*:*:*:*:*:*", "matchCriteriaId": "CD6B4565-0EF5-4A51-A7AA-87A8DA10D5D7", "vulnerable": true}, {"criteria": "cpe:2.3:a:gnome:librsvg:1.0.2:*:*:*:*:*:*:*", "matchCriteriaId": "BCDFC87F-C7BC-49C7-900F-B7AFC38F415D", "vulnerable": true}, {"criteria": "cpe:2.3:a:gnome:librsvg:1.0.3:*:*:*:*:*:*:*", "matchCriteriaId": "0EBC2319-4523-4117-9576-DE4D46B641D4", "vulnerable": true}, {"criteria": "cpe:2.3:a:gnome:librsvg:1.1.1:*:*:*:*:*:*:*", "matchCriteriaId": "E601BF04-E60B-4934-AB7C-C9CBBD1C47EE", "vulnerable": true}, {"criteria": "cpe:2.3:a:gnome:librsvg:1.1.2:*:*:*:*:*:*:*", "matchCriteriaId": "4DC8DCA5-B200-4D79-BD6B-2D16C08D532D", "vulnerable": true}, {"criteria": "cpe:2.3:a:gnome:librsvg:1.1.3:*:*:*:*:*:*:*", "matchCriteriaId": "CE19C8F6-0376-4573-A6BA-BEB428EA4028", "vulnerable": true}, {"criteria": "cpe:2.3:a:gnome:librsvg:1.1.4:*:*:*:*:*:*:*", "matchCriteriaId": "FCA33041-FFB6-4B1C-97B7-CED775F34F03", "vulnerable": true}, {"criteria": "cpe:2.3:a:gnome:librsvg:1.1.5:*:*:*:*:*:*:*", "matchCriteriaId": "1744D33B-982B-4828-B32E-7CA16F4A7035", "vulnerable": true}, {"criteria": "cpe:2.3:a:gnome:librsvg:1.1.6:*:*:*:*:*:*:*", "matchCriteriaId": "5C869BD4-C9CC-438F-B6B0-810124E9D088", "vulnerable": true}, {"criteria": "cpe:2.3:a:gnome:librsvg:2.0.0:*:*:*:*:*:*:*", "matchCriteriaId": "266E38C8-F46A-45BA-BDCE-C2D3AFD1F430", "vulnerable": true}, {"criteria": "cpe:2.3:a:gnome:librsvg:2.0.1:*:*:*:*:*:*:*", "matchCriteriaId": "E5D794A4-4CE4-47FE-9652-26609C5062AB", "vulnerable": true}, {"criteria": "cpe:2.3:a:gnome:librsvg:2.1.0:*:*:*:*:*:*:*", "matchCriteriaId": "D73ECCB1-56AA-49D4-A8CA-2C25763E64E0", "vulnerable": true}, {"criteria": "cpe:2.3:a:gnome:librsvg:2.1.1:*:*:*:*:*:*:*", "matchCriteriaId": "216AA4FD-69FE-4EB7-8158-F5A8E374FF15", "vulnerable": true}, {"criteria": "cpe:2.3:a:gnome:librsvg:2.1.2:*:*:*:*:*:*:*", "matchCriteriaId": "C9F910E2-A2D7-4F80-97C4-56FB5CD8B4E0", "vulnerable": true}, {"criteria": "cpe:2.3:a:gnome:librsvg:2.1.3:*:*:*:*:*:*:*", "matchCriteriaId": "1840D7DD-B432-4163-BB71-4823E3CDC85B", "vulnerable": true}, {"criteria": "cpe:2.3:a:gnome:librsvg:2.1.4:*:*:*:*:*:*:*", "matchCriteriaId": "BD9E5A31-7893-457B-855D-7BB8CC87C7F2", "vulnerable": true}, {"criteria": "cpe:2.3:a:gnome:librsvg:2.1.5:*:*:*:*:*:*:*", "matchCriteriaId": "B09E7A94-7787-403A-A27A-B9CCF9DF2665", "vulnerable": true}, {"criteria": "cpe:2.3:a:gnome:librsvg:2.2.0:*:*:*:*:*:*:*", "matchCriteriaId": "6FDE362B-7533-4144-8A65-C3844E67679E", "vulnerable": true}, {"criteria": "cpe:2.3:a:gnome:librsvg:2.2.1:*:*:*:*:*:*:*", "matchCriteriaId": "07C7CFCD-ABC5-48B9-B26A-CB0F6FC899E6", "vulnerable": true}, {"criteria": "cpe:2.3:a:gnome:librsvg:2.2.2:*:*:*:*:*:*:*", "matchCriteriaId": "6B683DD7-EBCF-4177-89D9-3652814D060E", "vulnerable": true}, {"criteria": "cpe:2.3:a:gnome:librsvg:2.2.3:*:*:*:*:*:*:*", "matchCriteriaId": "FF5F053B-D848-45D2-A146-1D03994DD71A", "vulnerable": true}, {"criteria": "cpe:2.3:a:gnome:librsvg:2.2.4:*:*:*:*:*:*:*", "matchCriteriaId": "20B31AF4-CE09-4EBB-AD94-B0EC6C677923", "vulnerable": true}, {"criteria": "cpe:2.3:a:gnome:librsvg:2.2.5:*:*:*:*:*:*:*", "matchCriteriaId": "9375B30F-4A96-4605-A681-D950D328768F", "vulnerable": true}, {"criteria": "cpe:2.3:a:gnome:librsvg:2.3.0:*:*:*:*:*:*:*", "matchCriteriaId": "76299D97-DE2A-4903-9D9C-D2A046A11CDD", "vulnerable": true}, {"criteria": "cpe:2.3:a:gnome:librsvg:2.3.1:*:*:*:*:*:*:*", "matchCriteriaId": "AA48437A-D16D-404C-A8C4-60F7AC13A920", "vulnerable": true}, {"criteria": "cpe:2.3:a:gnome:librsvg:2.11.0:*:*:*:*:*:*:*", "matchCriteriaId": "E919CDC2-B700-4C07-BB78-EA222510BB54", "vulnerable": true}, {"criteria": "cpe:2.3:a:gnome:librsvg:2.11.1:*:*:*:*:*:*:*", "matchCriteriaId": "31E73EAB-E963-4D45-8F35-27D11B0629F7", "vulnerable": true}, {"criteria": "cpe:2.3:a:gnome:librsvg:2.12.0:*:*:*:*:*:*:*", "matchCriteriaId": "3430BCCC-1C58-4216-ACEF-96A6EAA0EEBD", "vulnerable": true}, {"criteria": "cpe:2.3:a:gnome:librsvg:2.12.1:*:*:*:*:*:*:*", "matchCriteriaId": "363AF753-AC74-4864-9339-B1C538F5EDA8", "vulnerable": true}, {"criteria": "cpe:2.3:a:gnome:librsvg:2.12.2:*:*:*:*:*:*:*", "matchCriteriaId": "DEAF665D-717D-4372-AE9D-9CBF5A17EB06", "vulnerable": true}, {"criteria": "cpe:2.3:a:gnome:librsvg:2.12.3:*:*:*:*:*:*:*", "matchCriteriaId": "6EC683BC-EB87-4460-85CF-B63E1F92910A", "vulnerable": true}, {"criteria": "cpe:2.3:a:gnome:librsvg:2.12.4:*:*:*:*:*:*:*", "matchCriteriaId": "7C006D30-AAC5-4754-ACF9-7497D04A9F16", "vulnerable": true}, {"criteria": "cpe:2.3:a:gnome:librsvg:2.12.5:*:*:*:*:*:*:*", "matchCriteriaId": "E0A5FC53-E928-455C-A14F-E92DDCCA246B", "vulnerable": true}, {"criteria": "cpe:2.3:a:gnome:librsvg:2.12.6:*:*:*:*:*:*:*", "matchCriteriaId": "2E070609-EF93-4D8F-9B84-1F2774D164BB", "vulnerable": true}, {"criteria": "cpe:2.3:a:gnome:librsvg:2.12.7:*:*:*:*:*:*:*", "matchCriteriaId": "244ABB72-D70B-4A2F-9D9C-9D4C475C7196", "vulnerable": true}, {"criteria": "cpe:2.3:a:gnome:librsvg:2.13.0:*:*:*:*:*:*:*", "matchCriteriaId": "65B06C1F-DB76-42B0-B0E5-63A99443B63E", "vulnerable": true}, {"criteria": "cpe:2.3:a:gnome:librsvg:2.13.1:*:*:*:*:*:*:*", "matchCriteriaId": "547E3592-8406-4968-8C88-568A03427FCE", "vulnerable": true}, {"criteria": "cpe:2.3:a:gnome:librsvg:2.13.2:*:*:*:*:*:*:*", "matchCriteriaId": "7FB71338-9C68-4175-A1A5-8CA553C622B8", "vulnerable": true}, {"criteria": "cpe:2.3:a:gnome:librsvg:2.13.3:*:*:*:*:*:*:*", "matchCriteriaId": "A06E96E4-6C3C-4512-AA6A-9473D66078BA", "vulnerable": true}, {"criteria": "cpe:2.3:a:gnome:librsvg:2.13.4:*:*:*:*:*:*:*", "matchCriteriaId": "1EF5B89F-6B83-42E4-B2F3-0DAD12EB3869", "vulnerable": true}, {"criteria": "cpe:2.3:a:gnome:librsvg:2.13.5:*:*:*:*:*:*:*", "matchCriteriaId": "44F907B2-8725-4B4F-A8FB-011171BB3990", "vulnerable": true}, {"criteria": "cpe:2.3:a:gnome:librsvg:2.13.90:*:*:*:*:*:*:*", "matchCriteriaId": "AACF0476-3E57-4F20-8C86-8B7DC2AB8308", "vulnerable": true}, {"criteria": "cpe:2.3:a:gnome:librsvg:2.13.91:*:*:*:*:*:*:*", "matchCriteriaId": "09900C61-BD02-47A3-9984-7C1A6ADCACFF", "vulnerable": true}, {"criteria": "cpe:2.3:a:gnome:librsvg:2.13.92:*:*:*:*:*:*:*", "matchCriteriaId": "8AFA0301-C1D6-419F-8E3D-DF754AD8F57B", "vulnerable": true}, {"criteria": "cpe:2.3:a:gnome:librsvg:2.13.93:*:*:*:*:*:*:*", "matchCriteriaId": "40348F23-9272-4538-8EAD-E91D33724978", "vulnerable": true}, {"criteria": "cpe:2.3:a:gnome:librsvg:2.14.0:*:*:*:*:*:*:*", "matchCriteriaId": "D1CF3682-8D71-492F-A0D9-D8FD45C91155", "vulnerable": true}, {"criteria": "cpe:2.3:a:gnome:librsvg:2.14.1:*:*:*:*:*:*:*", "matchCriteriaId": "629A1196-F5FD-405A-8553-9F5DFE7CE877", "vulnerable": true}, {"criteria": "cpe:2.3:a:gnome:librsvg:2.14.2:*:*:*:*:*:*:*", "matchCriteriaId": "7DA22214-85FC-4246-AA76-A64EEDDCA5FC", "vulnerable": true}, {"criteria": "cpe:2.3:a:gnome:librsvg:2.14.3:*:*:*:*:*:*:*", "matchCriteriaId": "1CD34C2F-593E-4CE2-8D2E-1603E583A041", "vulnerable": true}, {"criteria": "cpe:2.3:a:gnome:librsvg:2.14.4:*:*:*:*:*:*:*", "matchCriteriaId": "F18E6DF0-9BFF-4A80-8555-14247486D54A", "vulnerable": true}, {"criteria": "cpe:2.3:a:gnome:librsvg:2.15.0:*:*:*:*:*:*:*", "matchCriteriaId": "795B9E0B-83EC-475B-A256-07D34B727F72", "vulnerable": true}, {"criteria": "cpe:2.3:a:gnome:librsvg:2.15.90:*:*:*:*:*:*:*", "matchCriteriaId": "D6B1E760-8A04-463F-8A7B-ED7DF40409FA", "vulnerable": true}, {"criteria": "cpe:2.3:a:gnome:librsvg:2.16.0:*:*:*:*:*:*:*", "matchCriteriaId": "3972F675-A33A-481E-B81C-F89391076A9E", "vulnerable": true}, {"criteria": "cpe:2.3:a:gnome:librsvg:2.16.1:*:*:*:*:*:*:*", "matchCriteriaId": "CFAB1943-EF01-4701-B264-86438F255A26", "vulnerable": true}, {"criteria": "cpe:2.3:a:gnome:librsvg:2.18.0:*:*:*:*:*:*:*", "matchCriteriaId": "172E415B-79D3-4C4D-9E40-39341F5A55F1", "vulnerable": true}, {"criteria": "cpe:2.3:a:gnome:librsvg:2.18.1:*:*:*:*:*:*:*", "matchCriteriaId": "46AC7BB2-A0FF-44E0-B0DD-1D791E0D4675", "vulnerable": true}, {"criteria": "cpe:2.3:a:gnome:librsvg:2.18.2:*:*:*:*:*:*:*", "matchCriteriaId": "5BAA1B43-0F64-4624-934A-AADEC07B722F", "vulnerable": true}, {"criteria": "cpe:2.3:a:gnome:librsvg:2.20.0:*:*:*:*:*:*:*", "matchCriteriaId": "486D36E1-9E72-4745-87B4-7136213C2513", "vulnerable": true}, {"criteria": "cpe:2.3:a:gnome:librsvg:2.22.0:*:*:*:*:*:*:*", "matchCriteriaId": "28AFE066-30F6-4363-85C0-979EF50F62B8", "vulnerable": true}, {"criteria": "cpe:2.3:a:gnome:librsvg:2.22.1:*:*:*:*:*:*:*", "matchCriteriaId": "89343DD0-52FB-4FD7-BAA7-8CA1F3A22E7E", "vulnerable": true}, {"criteria": "cpe:2.3:a:gnome:librsvg:2.22.2:*:*:*:*:*:*:*", "matchCriteriaId": "DE43462F-C349-4B9B-B584-3F809A424039", "vulnerable": true}, {"criteria": "cpe:2.3:a:gnome:librsvg:2.22.3:*:*:*:*:*:*:*", "matchCriteriaId": "B9726FDA-07C1-4D00-B8D1-ED8DB2418B2C", "vulnerable": true}, {"criteria": "cpe:2.3:a:gnome:librsvg:2.26.0:*:*:*:*:*:*:*", "matchCriteriaId": "C3F0F857-F413-4306-80F9-1E9774F2589B", "vulnerable": true}, {"criteria": "cpe:2.3:a:gnome:librsvg:2.26.1:*:*:*:*:*:*:*", "matchCriteriaId": "6DCA0DDF-4DB0-4BE0-B8F6-D8D32242CCDC", "vulnerable": true}, {"criteria": "cpe:2.3:a:gnome:librsvg:2.26.2:*:*:*:*:*:*:*", "matchCriteriaId": "BCA5D13A-310A-4E16-BFE8-E32E85A7ADE1", "vulnerable": true}, {"criteria": "cpe:2.3:a:gnome:librsvg:2.26.3:*:*:*:*:*:*:*", "matchCriteriaId": "D9293893-2EC2-485C-9B18-CE83511E5676", "vulnerable": true}, {"criteria": "cpe:2.3:a:gnome:librsvg:2.31.0:*:*:*:*:*:*:*", "matchCriteriaId": "B9D87757-8277-4B73-8ACD-D31B742964F7", "vulnerable": true}, {"criteria": "cpe:2.3:a:gnome:librsvg:2.32.0:*:*:*:*:*:*:*", "matchCriteriaId": "31472960-B23C-44D5-913A-2DBFE4284FD6", "vulnerable": true}, {"criteria": "cpe:2.3:a:gnome:librsvg:2.32.1:*:*:*:*:*:*:*", "matchCriteriaId": "5B059ACC-5FE7-4E98-8842-A7CF853C749E", "vulnerable": true}, {"criteria": "cpe:2.3:a:gnome:librsvg:2.34.0:*:*:*:*:*:*:*", "matchCriteriaId": "9F2E0A2E-2B24-4A9E-A9A9-A50CE340B977", "vulnerable": true}, {"criteria": "cpe:2.3:a:gnome:librsvg:2.34.1:*:*:*:*:*:*:*", "matchCriteriaId": "D6084AB6-9E7C-4F6C-B9F0-4CD1C334C208", "vulnerable": true}, {"criteria": "cpe:2.3:a:gnome:librsvg:2.34.2:*:*:*:*:*:*:*", "matchCriteriaId": "E2048467-D0DD-4C35-BF7C-A1AD6733940D", "vulnerable": true}, {"criteria": "cpe:2.3:a:gnome:librsvg:2.35.0:*:*:*:*:*:*:*", "matchCriteriaId": "D7127598-FAD7-498D-A358-70B61166CD19", "vulnerable": true}, {"criteria": "cpe:2.3:a:gnome:librsvg:2.35.1:*:*:*:*:*:*:*", "matchCriteriaId": "90EC129F-DBC0-4252-956F-3EB743E9869D", "vulnerable": true}, {"criteria": "cpe:2.3:a:gnome:librsvg:2.35.2:*:*:*:*:*:*:*", "matchCriteriaId": "90FCC66E-9706-46EE-B94E-5B4F190778FF", "vulnerable": true}, {"criteria": "cpe:2.3:a:gnome:librsvg:2.36.0:*:*:*:*:*:*:*", "matchCriteriaId": "C6233ED5-D895-430B-92B9-96FE11B01862", "vulnerable": true}, {"criteria": "cpe:2.3:a:gnome:librsvg:2.36.1:*:*:*:*:*:*:*", "matchCriteriaId": "072E0C9A-3976-4092-BE16-B3276878512A", "vulnerable": true}, {"criteria": "cpe:2.3:a:gnome:librsvg:2.36.2:*:*:*:*:*:*:*", "matchCriteriaId": "8AD7F41B-8D57-49D8-8CB8-82FA1E4FCF79", "vulnerable": true}, {"criteria": "cpe:2.3:a:gnome:librsvg:2.36.3:*:*:*:*:*:*:*", "matchCriteriaId": "1B6B4A79-CAA2-4FDB-92BB-F512A4C3B91D", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "GNOME libsvg before 2.39.0 allows remote attackers to read arbitrary files via an XML document containing an external entity declaration in conjunction with an entity reference, related to an XML External Entity (XXE) issue."}, {"lang": "es", "value": "GNOME libsvg anterior a 2.39.0 permite a atancates remotos leer archivos arbitrarios a trav\u00e9s de documentos XML que contengan una declaraci\u00f3n de entidad externa en conjunci\u00f3n con una entidad referencia, relacionada con un problema en XML External Entity (XXE)."}], "id": "CVE-2013-1881", "lastModified": "2025-04-11T00:51:21.963", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 4.3, "confidentialityImpact": "PARTIAL", "integrityImpact": "NONE", "vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:N", "version": "2.0"}, "exploitabilityScore": 8.6, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true}]}, "published": "2013-10-10T00:55:03.773", "references": [{"source": "secalert@redhat.com", "url": "http://en.securitylab.ru/lab/PT-2013-01"}, {"source": "secalert@redhat.com", "url": "http://ftp.gnome.org/pub/GNOME/sources/librsvg/2.39/librsvg-2.39.0.changes"}, {"source": "secalert@redhat.com", "url": "http://lists.opensuse.org/opensuse-security-announce/2015-10/msg00020.html"}, {"source": "secalert@redhat.com", "url": "http://lists.opensuse.org/opensuse-updates/2013-11/msg00114.html"}, {"source": "secalert@redhat.com", "url": "http://rhn.redhat.com/errata/RHSA-2014-0127.html"}, {"source": "secalert@redhat.com", "tags": ["Vendor Advisory"], "url": "http://secunia.com/advisories/55088"}, {"source": "secalert@redhat.com", "url": "http://www.ubuntu.com/usn/USN-2149-1"}, {"source": "secalert@redhat.com", "url": "http://www.ubuntu.com/usn/USN-2149-2"}, {"source": "secalert@redhat.com", "url": "https://bugzilla.gnome.org/show_bug.cgi?id=691708"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://en.securitylab.ru/lab/PT-2013-01"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://ftp.gnome.org/pub/GNOME/sources/librsvg/2.39/librsvg-2.39.0.changes"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://lists.opensuse.org/opensuse-security-announce/2015-10/msg00020.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://lists.opensuse.org/opensuse-updates/2013-11/msg00114.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://rhn.redhat.com/errata/RHSA-2014-0127.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Vendor Advisory"], "url": "http://secunia.com/advisories/55088"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.ubuntu.com/usn/USN-2149-1"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.ubuntu.com/usn/USN-2149-2"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://bugzilla.gnome.org/show_bug.cgi?id=691708"}], "sourceIdentifier": "secalert@redhat.com", "vulnStatus": "Deferred", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-20"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{"affected_release": [{"advisory": "RHSA-2014:0127", "cpe": "cpe:/o:redhat:enterprise_linux:6", "package": "librsvg2-0:2.26.0-6.el6_5.3", "product_name": "Red Hat Enterprise Linux 6", "release_date": "2014-02-03T00:00:00Z"}], "bugzilla": {"description": "librsvg2: local resource access vulnerability due to XML External Entity enablement", "id": "924414", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=924414"}, "csaw": false, "cvss": {"cvss_base_score": "4.3", "cvss_scoring_vector": "AV:N/AC:M/Au:N/C:P/I:N/A:N", "status": "verified"}, "details": ["GNOME libsvg before 2.39.0 allows remote attackers to read arbitrary files via an XML document containing an external entity declaration in conjunction with an entity reference, related to an XML External Entity (XXE) issue."], "name": "CVE-2013-1881", "package_state": [{"cpe": "cpe:/o:redhat:enterprise_linux:5", "fix_state": "Not affected", "package_name": "librsvg2", "product_name": "Red Hat Enterprise Linux 5"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Not affected", "package_name": "librsvg2", "product_name": "Red Hat Enterprise Linux 7"}], "public_date": "2013-08-17T00:00:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2013-1881\nhttps://nvd.nist.gov/vuln/detail/CVE-2013-1881"], "statement": "This issue did not affect the versions of librsvg2 as shipped with Red Hat Enterprise Linux 5.", "threat_severity": "Moderate"}

Metrics

Access Vector Network

Access Complexity Medium

Authentication None

Confidentiality Impact Partial

Integrity Impact None

Availability Impact None

Affected Vendors & Products

Metrics

Access Vector Network

Access Complexity Medium

Authentication None

Confidentiality Impact Partial

Integrity Impact None

Availability Impact None

Affected Vendors & Products

JSON object

JSON object

JSON object

JSON object