PT-2018-5262 · Google · Androidsvg

Prodigysml

Published

2018-01-03

Updated

2020-01-30

CVE-2017-1000498

CVSS v3.1

7.8

High

Vector

AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions AndroidSVG version 1.2.2

Description The issue affects the SVG parsing component, making it vulnerable to XXE attacks. This can result in denial of service and possibly remote code execution.

Recommendations For AndroidSVG version 1.2.2, update to a version that fixes the XXE vulnerability in the SVG parsing component to prevent denial of service and potential remote code execution.

Fix

XXE

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-611

Related Identifiers

CVE-2017-1000498

GHSA-G556-X5VX-QH59

Affected Products

Androidsvg

PT-2018-5262 · Google · Androidsvg

CVE-2017-1000498

Weakness Enumeration

Related Identifiers

Affected Products

References · 6