CVE-2016-9181

{"id": "CVE-2016-9181", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 5.8, "accessVector": "NETWORK", "vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:P", "authentication": "NONE", "integrityImpact": "NONE", "accessComplexity": "MEDIUM", "availabilityImpact": "PARTIAL", "confidentialityImpact": "PARTIAL"}, "acInsufInfo": false, "impactScore": 4.9, "baseSeverity": "MEDIUM", "obtainAllPrivilege": false, "exploitabilityScore": 8.6, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": true}], "cvssMetricV30": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.0", "baseScore": 7.1, "attackVector": "LOCAL", "baseSeverity": "HIGH", "vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H", "integrityImpact": "NONE", "userInteraction": "REQUIRED", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "impactScore": 5.2, "exploitabilityScore": 1.8}]}, "published": "2016-12-22T21:59:00.193", "references": [{"url": "http://www.openwall.com/lists/oss-security/2016/11/04/2", "tags": ["Third Party Advisory"], "source": "cve@mitre.org"}, {"url": "http://www.securityfocus.com/bid/94220", "tags": ["Third Party Advisory", "VDB Entry"], "source": "cve@mitre.org"}, {"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1379556", "tags": ["Third Party Advisory", "VDB Entry"], "source": "nvd@nist.gov"}, {"url": "http://www.openwall.com/lists/oss-security/2016/11/04/2", "tags": ["Third Party Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://www.securityfocus.com/bid/94220", "tags": ["Third Party Advisory", "VDB Entry"], "source": "af854a3a-2127-422b-91ae-364da2661108"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-611"}]}], "descriptions": [{"lang": "en", "value": "perl-Image-Info: When parsing an SVG file, external entity expansion (XXE) was not disabled. An attacker could craft an SVG file which, when processed by an application using perl-Image-Info, could cause denial of service or, potentially, information disclosure."}, {"lang": "es", "value": "perl-Image-Info: Cuando se analiza un archivo SVG, no se desabilita la expansi\u00f3n de entidad externa (XXE). Un atacante puede manipular un archivo SVG que, cuando se procesa por una aplicaci\u00f3n que utiliza perl-Image-Info, puede provocar una denegaci\u00f3n de servicio o, potencialmente, revelaci\u00f3n de informaci\u00f3n."}], "lastModified": "2024-11-21T03:00:44.970", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:image-info_project:image-info_for_perl:1.16:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "3FBC8CDC-FD6A-41B8-AF83-4DEE26B4D0EE"}, {"criteria": "cpe:2.3:a:image-info_project:image-info_for_perl:1.30:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "AE637822-F098-4108-B459-BC30461EEC2F"}], "operator": "OR"}]}], "sourceIdentifier": "cve@mitre.org"}