CVE-2018-1000041

CVE: CVE-2018-1000041
Published: 2018-02-09T23:29Z
Vendor: gnome
Products: librsvg
Versions: 1.0.0, 1.0.1, 1.0.2, 1.0.3, 1.1.1, 1.1.2, 1.1.3, 1.1.4, 1.1.5, 1.1.6, 2.0.0, 2.0.1, 2.1.0, 2.1.1, 2.1.2, 2.1.3, 2.1.4, 2.1.5, 2.2.0, 2.2.1, 2.2.2, 2.2.3, 2.2.4, 2.2.5, 2.3.0, 2.3.1, 2.4.0, 2.5.0, 2.6.0, 2.6.1, 2.6.2, 2.6.3, 2.6.4, 2.6.5, 2.7.0, 2.7.1, 2.7.2, 2.8.0, 2.8.1, 2.9.5, 2.11.0, 2.11.1, 2.12.0, 2.12.1, 2.12.2, 2.12.3, 2.12.4, 2.12.5, 2.12.6, 2.12.7, 2.13.0, 2.13.1, 2.13.2, 2.13.3, 2.13.4, 2.13.5, 2.13.90, 2.13.91, 2.13.92, 2.13.93, 2.14.0, 2.14.1, 2.14.2, 2.14.3, 2.14.4, 2.15.0, 2.15.90, 2.16.0, 2.16.1, 2.18.0, 2.18.1, 2.18.2, 2.20.0, 2.22.0, 2.22.1, 2.22.2, 2.22.3, 2.26.0, 2.26.1, 2.26.2, 2.26.3, 2.31.0, 2.32.0, 2.32.1, 2.34.0, 2.34.1, 2.34.2, 2.35.0, 2.35.1, 2.35.2, 2.36.0, 2.36.1, 2.36.2, 2.36.3, 2.37.0, 2.39.0, 2.40.1, 2.40.6, 2.40.11
Vendor: debian
Products: debian_linux
Versions: 7.0
Description Language: en
Description: GNOME librsvg versions before commit c6ddf2ed4d768fd88adbea2b63f575cd523022ea contain an improper input validation vulnerability in rsvg-io.c that can result in the victim's Windows username and NTLM password hash being leaked to remote attackers through SMB. This attack appears to be exploitable when the victim processes a specially crafted SVG file containing a UNC path on Windows.
References:
https://github.com/GNOME/librsvg/commit/c6ddf2ed4d768fd88adbea2b63f575cd523022ea
https://github.com/ImageMagick/librsvg/commit/f9d69eadd2b16b00d1a1f9f286122123f8e547dd
https://lists.debian.org/debian-lts-announce/2018/02/msg00013.html