A vulnerability was found in perl-Image-Info. When parsing an SVG file, external entity expansion (XXE) was not disabled. An attacker could craft an SVG file which, when processed by an application using perl-Image-Info, could cause denial of service or, potentially, information disclosure.
The Image::Info package takes no precautions against external entity
expansion in SVG files. A crafted file could cause information disclosure
or denial of service.
Created perl-Image-Info tracking bugs for this issue:
Affects: epel-5 [bug 1379557]
Affects: fedora-all [bug 1379558]
Red Hat Product Security has rated this issue as having Low security
impact. This issue is not currently planned to be addressed in future
updates. For additional information, refer to the Issue Severity
Name: Doran Moppert (Red Hat Product Security Team)
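
A pre-parse screen for the condition described in this report, as an added example (not code from Image::Info or from this bug): it uses Python's standard expat bindings to find DTD entity declarations in an SVG prolog and stops before any entity is expanded. The function names, the reject policy and the sample SVG documents are constructed for illustration.

```python
import xml.parsers.expat as expat

class StopScan(Exception):
    """Raised from a handler to end parsing early."""

def screen_svg(data: bytes) -> list:
    """List DTD findings in an SVG prolog without expanding any entity."""
    findings = []
    parser = expat.ParserCreate()  # expat does not fetch external entities by default

    def on_doctype(name, system_id, public_id, has_internal_subset):
        if system_id:  # external DTD subset: reported, never loaded here
            findings.append(("external-dtd", name, system_id))

    def on_entity(name, is_param, value, base, system_id, public_id, notation):
        # value is None for entities defined by SYSTEM/PUBLIC identifiers
        kind = "external-entity" if value is None else "internal-entity"
        findings.append((kind, name, system_id))
        raise StopScan  # one declaration is enough to decide; stop before any reference

    def on_root(name, attrs):
        raise StopScan  # the DTD can only precede the root element

    parser.StartDoctypeDeclHandler = on_doctype
    parser.EntityDeclHandler = on_entity
    parser.StartElementHandler = on_root
    try:
        parser.Parse(data, True)
    except StopScan:
        pass
    except expat.ExpatError as err:
        findings.append(("malformed", str(err), None))
    return findings

def should_reject(data: bytes) -> bool:
    """Assumed policy: refuse malformed input and any entity declaration."""
    return any(kind != "external-dtd" for kind, _, _ in screen_svg(data))

# Constructed samples; the SYSTEM identifier is a placeholder, not a real path.
CLEAN_SVG = b'<svg xmlns="http://www.w3.org/2000/svg" width="10" height="10"/>'
XXE_SVG = (b'<?xml version="1.0"?>\n'
           b'<!DOCTYPE svg [ <!ENTITY ext SYSTEM "file:///placeholder/example.txt"> ]>\n'
           b'<svg xmlns="http://www.w3.org/2000/svg"><text>&ext;</text></svg>')
NESTED_SVG = (b'<!DOCTYPE svg [ <!ENTITY a "aaaa"> <!ENTITY b "&a;&a;"> ]>\n'
              b'<svg xmlns="http://www.w3.org/2000/svg"/>')

if __name__ == "__main__":
    for label, doc in (("clean", CLEAN_SVG), ("xxe", XXE_SVG), ("nested", NESTED_SVG)):
        print(label, should_reject(doc), screen_svg(doc))
```

Files that pass the screen would then go to the SVG parser; files that fail are refused before any entity-expanding code sees them.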