CVE-2016-9181 - XXE vulnerability in Image-Info Project Image-Info for Perl 1.16/1.30
Attack vector | NETWORK |
Attack complexity | MEDIUM |
Privileges required | NONE |
Confidentiality impact | PARTIAL |
Integrity impact | NONE |
Availability impact | PARTIAL |
Summary
perl-Image-Info: When parsing an SVG file, external entity expansion (XXE) was not disabled. An attacker could craft an SVG file which, when processed by an application using perl-Image-Info, could cause denial of service or, potentially, information disclosure.
Vulnerable Configurations
Part | Description | Count |
---|---|---|
Application | | 2 |
Common Weakness Enumeration (CWE)
Nessus
NASL family | SuSE Local Security Checks |
NASL id | OPENSUSE-2017-327.NASL |
description | This update for perl-Image-Info fixes the following issues: update to version 1.39 to fix a potential security issue. A crafted SVG file could have caused information disclosure or denial of service by using external entity expansion (XXE). This is a potentially incompatible change; however, SVG files usually do not rely on XXE. (boo#1008647, CVE-2016-9181) |
last seen | 2020-06-05 |
modified | 2017-03-14 |
plugin id | 97710 |
published | 2017-03-14 |
reporter | This script is Copyright (C) 2017-2020 Tenable Network Security, Inc. |
source | https://www.tenable.com/plugins/nessus/97710 |
title | openSUSE Security Update : perl-Image-Info (openSUSE-2017-327) |