CVE-2016-9181

Upstream information

CVE-2016-9181 at MITRE

Description

perl-Image-Info: When parsing an SVG file, external entity expansion (XXE) was not disabled. An attacker could craft an SVG file which, when processed by an application using perl-Image-Info, could cause denial of service or, potentially, information disclosure.

SUSE information

Overall state of this security issue: Resolved

This issue is currently rated as having important severity.

CVSS v2 Scores
	National Vulnerability Database
Base Score	5.8
Vector	AV:N/AC:M/Au:N/C:P/I:N/A:P
Access Vector	Network
Access Complexity	Medium
Authentication	None
Confidentiality Impact	Partial
Integrity Impact	None
Availability Impact	Partial

CVSS v3 Scores
	National Vulnerability Database
Base Score	7.1
Vector	CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H
Attack Vector	Local
Attack Complexity	Low
Privileges Required	None
User Interaction	Required
Scope	Unchanged
Confidentiality Impact	High
Integrity Impact	None
Availability Impact	High
CVSSv3 Version	3

SUSE Bugzilla entry: 1008647 [RESOLVED / FIXED]

SUSE Security Advisories:

openSUSE-SU-2017:0667-1, published Sat, 11 Mar 2017 15:10:00 +0100 (CET)

SUSE Timeline for this CVE

CVE page created: Fri Nov 4 08:24:11 2016
CVE page last modified: Wed Oct 26 20:13:34 2022

CVE-2016-9181

Common Vulnerabilities and Exposures

Upstream information

Description

SUSE information

SUSE Security Advisories:

SUSE Timeline for this CVE

Business-Critical Linux

Enterprise Container Management

Edge

ソリューション

Industries

サポート

SUSEグローバルサービス

サポートリソース

パートナー

Communities

概要