CVE-2013-1881: Input Validation
First published: Thu Oct 10 2013(Updated: )
GNOME libsvg before 2.39.0 allows remote attackers to read arbitrary files via an XML document containing an external entity declaration in conjunction with an entity reference, related to an XML External Entity (XXE) issue.
Credit: secalert@redhat.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| CentOS Librsvg2 | <=2.37.0 | |
| CentOS Librsvg2 | =1.0.0 | |
| CentOS Librsvg2 | =1.0.1 | |
| CentOS Librsvg2 | =1.0.2 | |
| CentOS Librsvg2 | =1.0.3 | |
| CentOS Librsvg2 | =1.1.1 | |
| CentOS Librsvg2 | =1.1.2 | |
| CentOS Librsvg2 | =1.1.3 | |
| CentOS Librsvg2 | =1.1.4 | |
| CentOS Librsvg2 | =1.1.5 | |
| CentOS Librsvg2 | =1.1.6 | |
| CentOS Librsvg2 | =2.0.0 | |
| CentOS Librsvg2 | =2.0.1 | |
| CentOS Librsvg2 | =2.1.0 | |
| CentOS Librsvg2 | =2.1.1 | |
| CentOS Librsvg2 | =2.1.2 | |
| CentOS Librsvg2 | =2.1.3 | |
| CentOS Librsvg2 | =2.1.4 | |
| CentOS Librsvg2 | =2.1.5 | |
| CentOS Librsvg2 | =2.2.0 | |
| CentOS Librsvg2 | =2.2.1 | |
| CentOS Librsvg2 | =2.2.2 | |
| CentOS Librsvg2 | =2.2.3 | |
| CentOS Librsvg2 | =2.2.4 | |
| CentOS Librsvg2 | =2.2.5 | |
| CentOS Librsvg2 | =2.3.0 | |
| CentOS Librsvg2 | =2.3.1 | |
| CentOS Librsvg2 | =2.11.0 | |
| CentOS Librsvg2 | =2.11.1 | |
| CentOS Librsvg2 | =2.12.0 | |
| CentOS Librsvg2 | =2.12.1 | |
| CentOS Librsvg2 | =2.12.2 | |
| CentOS Librsvg2 | =2.12.3 | |
| CentOS Librsvg2 | =2.12.4 | |
| CentOS Librsvg2 | =2.12.5 | |
| CentOS Librsvg2 | =2.12.6 | |
| CentOS Librsvg2 | =2.12.7 | |
| CentOS Librsvg2 | =2.13.0 | |
| CentOS Librsvg2 | =2.13.1 | |
| CentOS Librsvg2 | =2.13.2 | |
| CentOS Librsvg2 | =2.13.3 | |
| CentOS Librsvg2 | =2.13.4 | |
| CentOS Librsvg2 | =2.13.5 | |
| CentOS Librsvg2 | =2.13.90 | |
| CentOS Librsvg2 | =2.13.91 | |
| CentOS Librsvg2 | =2.13.92 | |
| CentOS Librsvg2 | =2.13.93 | |
| CentOS Librsvg2 | =2.14.0 | |
| CentOS Librsvg2 | =2.14.1 | |
| CentOS Librsvg2 | =2.14.2 | |
| CentOS Librsvg2 | =2.14.3 | |
| CentOS Librsvg2 | =2.14.4 | |
| CentOS Librsvg2 | =2.15.0 | |
| CentOS Librsvg2 | =2.15.90 | |
| CentOS Librsvg2 | =2.16.0 | |
| CentOS Librsvg2 | =2.16.1 | |
| CentOS Librsvg2 | =2.18.0 | |
| CentOS Librsvg2 | =2.18.1 | |
| CentOS Librsvg2 | =2.18.2 | |
| CentOS Librsvg2 | =2.20.0 | |
| CentOS Librsvg2 | =2.22.0 | |
| CentOS Librsvg2 | =2.22.1 | |
| CentOS Librsvg2 | =2.22.2 | |
| CentOS Librsvg2 | =2.22.3 | |
| CentOS Librsvg2 | =2.26.0 | |
| CentOS Librsvg2 | =2.26.1 | |
| CentOS Librsvg2 | =2.26.2 | |
| CentOS Librsvg2 | =2.26.3 | |
| CentOS Librsvg2 | =2.31.0 | |
| CentOS Librsvg2 | =2.32.0 | |
| CentOS Librsvg2 | =2.32.1 | |
| CentOS Librsvg2 | =2.34.0 | |
| CentOS Librsvg2 | =2.34.1 | |
| CentOS Librsvg2 | =2.34.2 | |
| CentOS Librsvg2 | =2.35.0 | |
| CentOS Librsvg2 | =2.35.1 | |
| CentOS Librsvg2 | =2.35.2 | |
| CentOS Librsvg2 | =2.36.0 | |
| CentOS Librsvg2 | =2.36.1 | |
| CentOS Librsvg2 | =2.36.2 | |
| CentOS Librsvg2 | =2.36.3 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- http://en.securitylab.ru/lab/PT-2013-01
- http://ftp.gnome.org/pub/GNOME/sources/librsvg/2.39/librsvg-2.39.0.changes
- http://lists.opensuse.org/opensuse-security-announce/2015-10/msg00020.html
- http://lists.opensuse.org/opensuse-updates/2013-11/msg00114.html
- http://rhn.redhat.com/errata/RHSA-2014-0127.html
- http://secunia.com/advisories/55088
- http://www.ubuntu.com/usn/USN-2149-1
- http://www.ubuntu.com/usn/USN-2149-2
- https://bugzilla.gnome.org/show_bug.cgi?id=691708
Frequently Asked Questions
What is the severity of CVE-2013-1881?
CVE-2013-1881 is categorized as a high severity vulnerability due to its potential for file disclosure via XML External Entity (XXE) exploitation.
How do I fix CVE-2013-1881?
To fix CVE-2013-1881, upgrade GNOME libsvg to version 2.39.0 or later to mitigate the vulnerability.
What types of attacks can exploit CVE-2013-1881?
CVE-2013-1881 can be exploited through crafted XML documents that contain external entity declarations and references.
Which versions of GNOME librsvg are affected by CVE-2013-1881?
CVE-2013-1881 affects all versions of GNOME librsvg prior to 2.39.0.
How can I identify if my systems are vulnerable to CVE-2013-1881?
You can identify vulnerability to CVE-2013-1881 by checking the installed version of GNOME librsvg on your systems.
- agent/type
- collector/mitre-cve
- source/MITRE
- agent/author
- agent/weakness
- agent/references
- agent/severity
- agent/last-modified-date
- agent/description
- agent/first-publish-date
- agent/event
- agent/source
- agent/tags
- agent/softwarecombine
- collector/nvd-index
- agent/software-canonical-lookup-request
- vendor/gnome
- canonical/centos librsvg2
- version/centos librsvg2/2.37.0
- version/centos librsvg2/1.0.0
- version/centos librsvg2/1.0.1
- version/centos librsvg2/1.0.2
- version/centos librsvg2/1.0.3
- version/centos librsvg2/1.1.1
- version/centos librsvg2/1.1.2
- version/centos librsvg2/1.1.3
- version/centos librsvg2/1.1.4
- version/centos librsvg2/1.1.5
- version/centos librsvg2/1.1.6
- version/centos librsvg2/2.0.0
- version/centos librsvg2/2.0.1
- version/centos librsvg2/2.1.0
- version/centos librsvg2/2.1.1
- version/centos librsvg2/2.1.2
- version/centos librsvg2/2.1.3
- version/centos librsvg2/2.1.4
- version/centos librsvg2/2.1.5
- version/centos librsvg2/2.2.0
- version/centos librsvg2/2.2.1
- version/centos librsvg2/2.2.2
- version/centos librsvg2/2.2.3
- version/centos librsvg2/2.2.4
- version/centos librsvg2/2.2.5
- version/centos librsvg2/2.3.0
- version/centos librsvg2/2.3.1
- version/centos librsvg2/2.11.0
- version/centos librsvg2/2.11.1
- version/centos librsvg2/2.12.0
- version/centos librsvg2/2.12.1
- version/centos librsvg2/2.12.2
- version/centos librsvg2/2.12.3
- version/centos librsvg2/2.12.4
- version/centos librsvg2/2.12.5
- version/centos librsvg2/2.12.6
- version/centos librsvg2/2.12.7
- version/centos librsvg2/2.13.0
- version/centos librsvg2/2.13.1
- version/centos librsvg2/2.13.2
- version/centos librsvg2/2.13.3
- version/centos librsvg2/2.13.4
- version/centos librsvg2/2.13.5
- version/centos librsvg2/2.13.90
- version/centos librsvg2/2.13.91
- version/centos librsvg2/2.13.92
- version/centos librsvg2/2.13.93
- version/centos librsvg2/2.14.0
- version/centos librsvg2/2.14.1
- version/centos librsvg2/2.14.2
- version/centos librsvg2/2.14.3
- version/centos librsvg2/2.14.4
- version/centos librsvg2/2.15.0
- version/centos librsvg2/2.15.90
- version/centos librsvg2/2.16.0
- version/centos librsvg2/2.16.1
- version/centos librsvg2/2.18.0
- version/centos librsvg2/2.18.1
- version/centos librsvg2/2.18.2
- version/centos librsvg2/2.20.0
- version/centos librsvg2/2.22.0
- version/centos librsvg2/2.22.1
- version/centos librsvg2/2.22.2
- version/centos librsvg2/2.22.3
- version/centos librsvg2/2.26.0
- version/centos librsvg2/2.26.1
- version/centos librsvg2/2.26.2
- version/centos librsvg2/2.26.3
- version/centos librsvg2/2.31.0
- version/centos librsvg2/2.32.0
- version/centos librsvg2/2.32.1
- version/centos librsvg2/2.34.0
- version/centos librsvg2/2.34.1
- version/centos librsvg2/2.34.2
- version/centos librsvg2/2.35.0
- version/centos librsvg2/2.35.1
- version/centos librsvg2/2.35.2
- version/centos librsvg2/2.36.0
- version/centos librsvg2/2.36.1
- version/centos librsvg2/2.36.2
- version/centos librsvg2/2.36.3