The Image::Info package makes no precautions against external entity expansion in SVG files. A crafted file could cause information disclosure or denial of service. Upstream bug: https://rt.cpan.org/Public/Bug/Display.html?id=118099
Created perl-Image-Info tracking bugs for this issue: Affects: epel-5 [bug 1379557] Affects: fedora-all [bug 1379558]
Upstream patch: http://search.cpan.org/diff?from=Image-Info-1.38&to=Image-Info-1.38_50&w=1
Statement: Red Hat Product Security has rated this issue as having Low security impact. This issue is not currently planned to be addressed in future updates. For additional information, refer to the Issue Severity Classification: https://access.redhat.com/security/updates/classification/.
Acknowledgments: Name: Doran Moppert (Red Hat Product Security Team)