librsvg - (bulletinoct2019)ID: oval:org.secpod.oval:def:2105089 | Date: (C)2019-12-31 (M)2021-07-08 |
Class: PATCH | Family: unix |
GNOME librsvg version before commit c6ddf2ed4d768fd88adbea2b63f575cd523022ea contains a Improper input validation vulnerability in rsvg-io.c that can result in the victim"s Windows username and NTLM password hash being leaked to remote attackers through SMB. This attack appear to be exploitable via The victim must process a specially crafted SVG file containing an UNC path on Windows.
Product: |
library/libsoup |
library/liblouis |
image/library/librsvg |
desktop/xdg/xdg-utils |
desktop/pdf-viewer/evince |