| |
Vulnerability CVE-2018-1000639
Published: 2018-08-20
| Description: |
LatexDraw version <=4.0 contains a XML External Entity (XXE) vulnerability in SVG parsing functionality that can result in disclosure of data, server side request forgery, port scanning, possible rce. This attack appear to be exploitable via Specially crafted SVG file. |
Type:
CWE-611 (Information Exposure Through XML External Entity Reference)
CVSS2 => (AV:N/AC:M/Au:N/C:P/I:P/A:P)
| CVSS Base Score |
Impact Subscore |
Exploitability Subscore |
6.8/10 |
6.4/10 |
8.6/10 |
| Exploit range |
Attack complexity |
Authentication |
Remote |
Medium |
No required |
| Confidentiality impact |
Integrity impact |
Availability impact |
Partial |
Partial |
Partial |
References: |
https://0dd.zone/2018/08/05/LatexDraw-XXE/
https://github.com/arnobl/latexdraw/issues/10
|
|
|
Copyright 2024, cxsecurity.com
|
|
|
