CVE-2018-1000041
 
Public Exploits: 0
Exploited in Wild: -
Descriptions
GNOME librsvg versions before commit c6ddf2ed4d768fd88adbea2b63f575cd523022ea contain an improper input validation vulnerability in rsvg-io.c that can result in the victim's Windows username and NTLM password hash being leaked to remote attackers through SMB. The attack appears to be exploitable when the victim processes a specially crafted SVG file containing a UNC path on Windows.
Timeline
- 2018-02-05 CVE Reserved
- 2018-02-09 CVE Published
- 2023-08-12 EPSS Updated
- 2024-08-05 CVE Updated
References (3)
URL | Tag | Source |
---|---|---|
https://github.com/GNOME/librsvg/commit/c6ddf2ed4d768fd88adbea2b63f575cd523022ea | Third Party Advisory | |
https://github.com/ImageMagick/librsvg/commit/f9d69eadd2b16b00d1a1f9f286122123f8e547dd | Third Party Advisory | |
https://lists.debian.org/debian-lts-announce/2018/02/msg00013.html | Mailing List | |
Affected Vendors, Products, and Versions
Vendor | Product | Version | Other | Status |
---|---|---|---|---|
Gnome | Librsvg | < 2.41.2 | - | Affected |
Debian | Debian Linux | 7.0 | - | Affected |