Path traversal in librsvg

#VU78756 Path traversal in librsvg

Cybersecurity Help s.r.o.

Published: 2023-07-28

Vulnerability identifier: #VU78756

Vulnerability risk: Medium

CVSSv3.1: 6.5 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C]

CVE-ID: CVE-2023-38633

CWE-ID: CWE-22

Exploitation vector: Network

Exploit availability: No

Vulnerable software:
librsvg
Universal components / Libraries / Libraries used by multiple products

Vendor: Gnome Development Team

Description

The vulnerability allows a remote attacker to perform directory traversal attacks.

The vulnerability exists due to input validation error when processing directory traversal sequences in the URL decoder. A remote attacker can pass specially crafted URL to the library and read arbitrary files on the system.

Mitigation
Install update from vendor's website.

Vulnerable software versions

librsvg: 2.56.0 - 2.56.90

External links
http://gitlab.gnome.org/GNOME/librsvg/-/releases/2.56.3
http://bugzilla.suse.com/show_bug.cgi?id=1213502
http://gitlab.gnome.org/GNOME/librsvg/-/issues/996
http://www.openwall.com/lists/oss-security/2023/07/27/1
http://seclists.org/fulldisclosure/2023/Jul/43

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

Latest bulletins with this vulnerability

Gentoo update for Librsvg

Multiple vulnerabilities in IBM Security Guardium

Multiple vulnerabilities in Migration Toolkit for Applications 6.2

Red Hat Enterprise Linux 9 update for librsvg2

VMware Tanzu products update for librsvg

openEuler update for librsvg2

Red Hat Enterprise Linux 9.0 Extended Update Support update for librsvg2

Debian update for librsvg

Fedora 37 update for librsvg2

Fedora 38 update for librsvg2