1
Candidate: CVE-2018-1000041
4
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-1000041
6
GNOME librsvg version before commit
7
c6ddf2ed4d768fd88adbea2b63f575cd523022ea contains a Improper input
8
validation vulnerability in rsvg-io.c that can result in the victim's
9
Windows username and NTLM password hash being leaked to remote attackers
10
through SMB. This attack appear to be exploitable via The victim must
11
process a specially crafted SVG file containing an UNC path on Windows.
14
mdeslaur> vulnerability is windows-specific
22
upstream: https://github.com/GNOME/librsvg/commit/c6ddf2ed4d768fd88adbea2b63f575cd523022ea
23
other: https://github.com/ImageMagick/librsvg/commit/f9d69eadd2b16b00d1a1f9f286122123f8e547dd
24
upstream_librsvg: released (2.40.20-1)
25
precise/esm_librsvg: DNE
26
trusty_librsvg: not-affected
27
xenial_librsvg: not-affected
28
artful_librsvg: not-affected
29
devel_librsvg: not-affected (2.40.20-2)