CVE-2018-1000639

Name of the Vulnerable Software and Affected Versions LatexDraw versions prior to 4.0

Description The issue concerns a XML External Entity (XXE) vulnerability in the SVG parsing functionality. This can lead to disclosure of data, server-side request forgery, port scanning, and possibly remote code execution (RCE). The attack is exploitable via a specially crafted SVG file.

Recommendations For versions prior to 4.0, update to a version that contains a fix for this issue to prevent exploitation. As a temporary workaround, consider restricting the use of SVG files or disabling the SVG parsing functionality until a patch is available.