Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

redhat логотип

CVE-2016-9181

Опубликовано: 27 сент. 2016
Источник: redhat
CVSS3: 7.1
CVSS2: 5.8

Описание

perl-Image-Info: When parsing an SVG file, external entity expansion (XXE) was not disabled. An attacker could craft an SVG file which, when processed by an application using perl-Image-Info, could cause denial of service or, potentially, information disclosure.

A vulnerability was found in perl-ImageInfo. When parsing an SVG file, external entity expansion (XXE) was not disabled. An attacker could craft an SVG file which, when processed by an application using perl-Image-Info, could cause denial of service or, potentially, information disclosure.

Отчет

Red Hat Product Security has rated this issue as having Low security impact. This issue is not currently planned to be addressed in future updates. For additional information, refer to the Issue Severity Classification: https://access.redhat.com/security/updates/classification/.

Затронутые пакеты

ПлатформаПакетСостояниеРекомендацияРелиз
Red Hat Enterprise Linux 6perl-Image-InfoWill not fix
Red Hat Enterprise Linux 7perl-Image-InfoWill not fix

Показывать по

Ссылки на источники

Дополнительная информация

Статус:

Low
Дефект:
CWE-611
https://bugzilla.redhat.com/show_bug.cgi?id=1379556perl-Image-Info: XXE in SVG files

7.1 High

CVSS3

5.8 Medium

CVSS2

Связанные уязвимости

ubuntu логотип

CVE-2016-9181

CVSS3: 7.1
ubuntu
около 9 лет назад

perl-Image-Info: When parsing an SVG file, external entity expansion (XXE) was not disabled. An attacker could craft an SVG file which, when processed by an application using perl-Image-Info, could cause denial of service or, potentially, information disclosure.

nvd логотип

CVE-2016-9181

CVSS3: 7.1
nvd
около 9 лет назад

perl-Image-Info: When parsing an SVG file, external entity expansion (XXE) was not disabled. An attacker could craft an SVG file which, when processed by an application using perl-Image-Info, could cause denial of service or, potentially, information disclosure.

debian логотип

CVE-2016-9181

CVSS3: 7.1
debian
около 9 лет назад

perl-Image-Info: When parsing an SVG file, external entity expansion ( ...

suse-cvrf логотип

openSUSE-SU-2017:0667-1

suse-cvrf
почти 9 лет назад

Security update for perl-Image-Info

github логотип

GHSA-99g7-5p97-g9vw

CVSS3: 7.1
github
больше 3 лет назад

perl-Image-Info: When parsing an SVG file, external entity expansion (XXE) was not disabled. An attacker could craft an SVG file which, when processed by an application using perl-Image-Info, could cause denial of service or, potentially, information disclosure.

7.1 High

CVSS3

5.8 Medium

CVSS2