CVE-2013-1881

Name of the Vulnerable Software and Affected Versions librsvg2 versions 2.26.0 GNOME libsvg versions prior to 2.39.0

Description The issue allows remote attackers to read arbitrary files via an XML document containing an external entity declaration in conjunction with an entity reference, related to an XML External Entity (XXE) issue. This can lead to a violation of confidentiality, integrity, and availability of protected information. The exploitation of this issue can be carried out remotely.

Recommendations For librsvg2 version 2.26.0, update to a version that includes the fix for this issue. For GNOME libsvg versions prior to 2.39.0, update to version 2.39.0 or later. As a temporary workaround, consider restricting the use of XML external entities in librsvg2 until a patch is available.