Bug 1379556 (CVE-2016-9181)
| Summary: | CVE-2016-9181 perl-Image-Info: XXE in SVG files | ||
|---|---|---|---|
| Product: | [Other] Security Response | Reporter: | Doran Moppert <dmoppert> |
| Component: | vulnerability | Assignee: | Red Hat Product Security <security-response-team> |
| Status: | CLOSED WONTFIX | QA Contact: | |
| Severity: | low | Docs Contact: | |
| Priority: | low | ||
| Version: | unspecified | CC: | carnil, jfearn, perl-devel, perl-maint-list, ppisar, psabata, rob.myers, sardella, tcallawa |
| Target Milestone: | --- | Keywords: | Security |
| Target Release: | --- | ||
| Hardware: | All | ||
| OS: | Linux | ||
| Whiteboard: | |||
| Fixed In Version: | perl-Image-Info 1.39 | Doc Type: | If docs needed, set a value |
| Doc Text: |
A vulnerability was found in perl-ImageInfo. When parsing an SVG file, external entity expansion (XXE) was not disabled. An attacker could craft an SVG file which, when processed by an application using perl-Image-Info, could cause denial of service or, potentially, information disclosure.
|
Story Points: | --- |
| Clone Of: | Environment: | ||
| Last Closed: | 2016-11-17 02:46:52 UTC | Type: | --- |
| Regression: | --- | Mount Type: | --- |
| Documentation: | --- | CRM: | |
| Verified Versions: | Category: | --- | |
| oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
| Cloudforms Team: | --- | Target Upstream Version: | |
| Embargoed: | |||
| Bug Depends On: | 1379557, 1379558 | ||
| Bug Blocks: | 1377998 | ||
|
Description
Doran Moppert
2016-09-27 06:53:28 UTC
Created perl-Image-Info tracking bugs for this issue: Affects: epel-5 [bug 1379557] Affects: fedora-all [bug 1379558] Statement: Red Hat Product Security has rated this issue as having Low security impact. This issue is not currently planned to be addressed in future updates. For additional information, refer to the Issue Severity Classification: https://access.redhat.com/security/updates/classification/. Acknowledgments: Name: Doran Moppert (Red Hat Product Security Team) |