CVE-2013-1881
Summary
| CVE | CVE-2013-1881 |
|---|---|
| State | PUBLISHED |
| Assigner | redhat |
| Source Priority | CVE Program / NVD first with legacy fallback |
| Published | 2013-10-10 00:55:03 UTC |
| Updated | 2026-04-29 01:13:23 UTC |
| Description | GNOME libsvg before 2.39.0 allows remote attackers to read arbitrary files via an XML document containing an external entity declaration in conjunction with an entity reference, related to an XML External Entity (XXE) issue. |
Risk And Classification
CVSS v2.0 Breakdown
Access Vector
NetworkAccess Complexity
MediumAuthentication
NoneConfidentiality
PartialIntegrity
NoneAvailability
NoneAV:N/AC:M/Au:N/C:P/I:N/A:N
NVD Known Affected Configurations (CPE 2.3)
| Type | Vendor | Product | Version | Update | Edition | Language |
|---|---|---|---|---|---|---|
| Application | Gnome | Librsvg | 1.0.0 | All | All | All |
| Application | Gnome | Librsvg | 1.0.1 | All | All | All |
| Application | Gnome | Librsvg | 1.0.2 | All | All | All |
| Application | Gnome | Librsvg | 1.0.3 | All | All | All |
| Application | Gnome | Librsvg | 1.1.1 | All | All | All |
| Application | Gnome | Librsvg | 1.1.2 | All | All | All |
| Application | Gnome | Librsvg | 1.1.3 | All | All | All |
| Application | Gnome | Librsvg | 1.1.4 | All | All | All |
| Application | Gnome | Librsvg | 1.1.5 | All | All | All |
| Application | Gnome | Librsvg | 1.1.6 | All | All | All |
| Application | Gnome | Librsvg | 2.0.0 | All | All | All |
| Application | Gnome | Librsvg | 2.0.1 | All | All | All |
| Application | Gnome | Librsvg | 2.1.0 | All | All | All |
| Application | Gnome | Librsvg | 2.1.1 | All | All | All |
| Application | Gnome | Librsvg | 2.1.2 | All | All | All |
| Application | Gnome | Librsvg | 2.1.3 | All | All | All |
| Application | Gnome | Librsvg | 2.1.4 | All | All | All |
| Application | Gnome | Librsvg | 2.1.5 | All | All | All |
| Application | Gnome | Librsvg | 2.11.0 | All | All | All |
| Application | Gnome | Librsvg | 2.11.1 | All | All | All |
| Application | Gnome | Librsvg | 2.12.0 | All | All | All |
| Application | Gnome | Librsvg | 2.12.1 | All | All | All |
| Application | Gnome | Librsvg | 2.12.2 | All | All | All |
| Application | Gnome | Librsvg | 2.12.3 | All | All | All |
| Application | Gnome | Librsvg | 2.12.4 | All | All | All |
| Application | Gnome | Librsvg | 2.12.5 | All | All | All |
| Application | Gnome | Librsvg | 2.12.6 | All | All | All |
| Application | Gnome | Librsvg | 2.12.7 | All | All | All |
| Application | Gnome | Librsvg | 2.13.0 | All | All | All |
| Application | Gnome | Librsvg | 2.13.1 | All | All | All |
| Application | Gnome | Librsvg | 2.13.2 | All | All | All |
| Application | Gnome | Librsvg | 2.13.3 | All | All | All |
| Application | Gnome | Librsvg | 2.13.4 | All | All | All |
| Application | Gnome | Librsvg | 2.13.5 | All | All | All |
| Application | Gnome | Librsvg | 2.13.90 | All | All | All |
| Application | Gnome | Librsvg | 2.13.91 | All | All | All |
| Application | Gnome | Librsvg | 2.13.92 | All | All | All |
| Application | Gnome | Librsvg | 2.13.93 | All | All | All |
| Application | Gnome | Librsvg | 2.14.0 | All | All | All |
| Application | Gnome | Librsvg | 2.14.1 | All | All | All |
| Application | Gnome | Librsvg | 2.14.2 | All | All | All |
| Application | Gnome | Librsvg | 2.14.3 | All | All | All |
| Application | Gnome | Librsvg | 2.14.4 | All | All | All |
| Application | Gnome | Librsvg | 2.15.0 | All | All | All |
| Application | Gnome | Librsvg | 2.15.90 | All | All | All |
| Application | Gnome | Librsvg | 2.16.0 | All | All | All |
| Application | Gnome | Librsvg | 2.16.1 | All | All | All |
| Application | Gnome | Librsvg | 2.18.0 | All | All | All |
| Application | Gnome | Librsvg | 2.18.1 | All | All | All |
| Application | Gnome | Librsvg | 2.18.2 | All | All | All |
| Application | Gnome | Librsvg | 2.2.0 | All | All | All |
| Application | Gnome | Librsvg | 2.2.1 | All | All | All |
| Application | Gnome | Librsvg | 2.2.2 | All | All | All |
| Application | Gnome | Librsvg | 2.2.3 | All | All | All |
| Application | Gnome | Librsvg | 2.2.4 | All | All | All |
| Application | Gnome | Librsvg | 2.2.5 | All | All | All |
| Application | Gnome | Librsvg | 2.20.0 | All | All | All |
| Application | Gnome | Librsvg | 2.22.0 | All | All | All |
| Application | Gnome | Librsvg | 2.22.1 | All | All | All |
| Application | Gnome | Librsvg | 2.22.2 | All | All | All |
| Application | Gnome | Librsvg | 2.22.3 | All | All | All |
| Application | Gnome | Librsvg | 2.26.0 | All | All | All |
| Application | Gnome | Librsvg | 2.26.1 | All | All | All |
| Application | Gnome | Librsvg | 2.26.2 | All | All | All |
| Application | Gnome | Librsvg | 2.26.3 | All | All | All |
| Application | Gnome | Librsvg | 2.3.0 | All | All | All |
| Application | Gnome | Librsvg | 2.3.1 | All | All | All |
| Application | Gnome | Librsvg | 2.31.0 | All | All | All |
| Application | Gnome | Librsvg | 2.32.0 | All | All | All |
| Application | Gnome | Librsvg | 2.32.1 | All | All | All |
| Application | Gnome | Librsvg | 2.34.0 | All | All | All |
| Application | Gnome | Librsvg | 2.34.1 | All | All | All |
| Application | Gnome | Librsvg | 2.34.2 | All | All | All |
| Application | Gnome | Librsvg | 2.35.0 | All | All | All |
| Application | Gnome | Librsvg | 2.35.1 | All | All | All |
| Application | Gnome | Librsvg | 2.35.2 | All | All | All |
| Application | Gnome | Librsvg | 2.36.0 | All | All | All |
| Application | Gnome | Librsvg | 2.36.1 | All | All | All |
| Application | Gnome | Librsvg | 2.36.2 | All | All | All |
| Application | Gnome | Librsvg | 2.36.3 | All | All | All |
| Application | Gnome | Librsvg | All | All | All | All |
Vendor Declared Affected Products
References
| Reference | Source | Link | Tags |
|---|---|---|---|
| USN-2149-1: librsvg vulnerability | Ubuntu | af854a3a-2127-422b-91ae-364da2661108 | www.ubuntu.com | |
| Red Hat Customer Portal | af854a3a-2127-422b-91ae-364da2661108 | rhn.redhat.com | |
| USN-2149-2: GTK+ update | Ubuntu | af854a3a-2127-422b-91ae-364da2661108 | www.ubuntu.com | |
| [security-announce] SUSE-SU-2015:1785-1: important: Security update for | af854a3a-2127-422b-91ae-364da2661108 | lists.opensuse.org | |
| Security Advisory SA55088 - librsvg XML External Entities Information Disclosure Vulnerability - Secunia | af854a3a-2127-422b-91ae-364da2661108 | secunia.com | Vendor Advisory |
| openSUSE-SU-2013:1786-1: moderate: librsvg: fixed XML External Entity in | af854a3a-2127-422b-91ae-364da2661108 | lists.opensuse.org | |
| ftp.gnome.org/pub/GNOME/sources/librsvg/2.39/librsvg-2.39.0.changes | af854a3a-2127-422b-91ae-364da2661108 | ftp.gnome.org | |
| Bug 691708 – vulnerability in librsvg | af854a3a-2127-422b-91ae-364da2661108 | bugzilla.gnome.org | |
| Vulnerabilities | af854a3a-2127-422b-91ae-364da2661108 | en.securitylab.ru | |
| CVE Program record | CVE.ORG | www.cve.org | canonical |
| NVD vulnerability detail | NVD | nvd.nist.gov | canonical, analysis |
No vendor comments have been submitted for this CVE.
There are currently no legacy QID mappings associated with this CVE.