#VU78756 Path traversal in librsvg - CVE-2023-38633

Cybersecurity Help s.r.o.

Published: 2023-07-28

Vulnerability identifier: #VU78756

Vulnerability risk: Medium

CVSSv4.0: 6.6 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Green]

CVE-ID: CVE-2023-38633

CWE-ID: CWE-22

Exploitation vector: Network

Exploit availability: No

Vulnerable software:
librsvg
Universal components / Libraries / Libraries used by multiple products

Vendor: Gnome Development Team

Description

The vulnerability allows a remote attacker to perform directory traversal attacks.

The vulnerability exists due to input validation error when processing directory traversal sequences in the URL decoder. A remote attacker can pass specially crafted URL to the library and read arbitrary files on the system.

Mitigation
Install update from vendor's website.

Vulnerable software versions

librsvg: 2.56.0 - 2.56.90

External links
https://gitlab.gnome.org/GNOME/librsvg/-/releases/2.56.3
https://bugzilla.suse.com/show_bug.cgi?id=1213502
https://gitlab.gnome.org/GNOME/librsvg/-/issues/996
https://www.openwall.com/lists/oss-security/2023/07/27/1
https://seclists.org/fulldisclosure/2023/Jul/43

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

Latest bulletins with this vulnerability

Amazon Linux AMI update for librsvg2

Gentoo update for Librsvg

Multiple vulnerabilities in IBM Security Guardium

Multiple vulnerabilities in Migration Toolkit for Applications 6.2

Anolis OS update for librsvg2

Red Hat Enterprise Linux 9 update for librsvg2

VMware Tanzu products update for librsvg

openEuler update for librsvg2

Red Hat Enterprise Linux 9.0 Extended Update Support update for librsvg2

Debian update for librsvg