PT-2018-1887 · Gnome+2 · Gnome Librsvg+2

Alex Birsan

Published

2017-12-31

Updated

2019-10-03

CVE-2018-1000041

CVSS v3.1

8.8

High

Vector

AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions GNOME librsvg versions prior to commit c6ddf2ed4d768fd88adbea2b63f575cd523022ea

Description The issue is related to improper input validation in the rsvg-io.c file, which can lead to the leakage of a victim's Windows username and NTLM password hash to remote attackers through SMB. This can be exploited by processing a specially crafted SVG file containing a UNC path on Windows. The vulnerability is associated with an error in input data validation, allowing a remote attacker to intercept the victim's Windows username and NTLM password hash via SMB.

Recommendations For versions prior to commit c6ddf2ed4d768fd88adbea2b63f575cd523022ea, consider avoiding the processing of SVG files from untrusted sources until a patch is available. As a temporary workaround, restrict access to SMB shares to minimize the risk of exploitation.

Fix

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-255

Related Identifiers

ALT-PU-2017-2857

BDU:2018-01491

CVE-2018-1000041

DLA-1278-1

MGASA-2018-0291

MGASA-2018-0297

OPENSUSE-SU-2018_1310-1

SUSE-SU-2018:1288-1

SUSE-SU-2018_1288-1

Affected Products

Alt Linux

Gnome Librsvg

Suse

PT-2018-1887 · Gnome+2 · Gnome Librsvg+2

CVE-2018-1000041

Weakness Enumeration

Related Identifiers

Affected Products

References · 26