Vulnerabilities > CVE-2018-1000639 - XXE vulnerability in Latexdraw Project Latexdraw

CVSS 9.6 - CRITICAL

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

NONE

Confidentiality impact

HIGH

Integrity impact

HIGH

Availability impact

HIGH

network

low complexity

latexdraw-project

CWE-611

critical

NVD

Published: 2018-08-20

Updated: 2019-09-26

Summary

LatexDraw version <=4.0 contains a XML External Entity (XXE) vulnerability in SVG parsing functionality that can result in disclosure of data, server side request forgery, port scanning, possible rce. This attack appear to be exploitable via Specially crafted SVG file.

Vulnerable Configurations

Part	Description	Count
Application	Latexdraw_Project Latexdraw Project Latexdraw 3.0.0 Latexdraw Project Latexdraw 3.1 Latexdraw Project Latexdraw 3.2 Latexdraw Project Latexdraw 3.3 Latexdraw Project Latexdraw 3.3.1 Latexdraw Project Latexdraw 3.3.2 Latexdraw Project Latexdraw 3.3.3 Latexdraw Project Latexdraw 3.3.4 Latexdraw Project Latexdraw 3.3.5 Latexdraw Project Latexdraw 3.3.6 Latexdraw Project Latexdraw 3.3.7 Latexdraw Project Latexdraw 3.3.8 Latexdraw Project Latexdraw 3.3.9 Latexdraw Project Latexdraw 4.0	21

Common Weakness Enumeration (CWE)

CWE-611 - Improper Restriction of XML External Entity Reference ('XXE')

Summary

Vulnerable Configurations

Common Weakness Enumeration (CWE)

References