Overview
- Description
- LatexDraw version <=4.0 contains an XML External Entity (XXE) vulnerability in its SVG parsing functionality that can result in disclosure of data, server-side request forgery, port scanning, and possible RCE. This attack appears to be exploitable via a specially crafted SVG file.
- Source
- cve@mitre.org
- NVD status
- Analyzed
Risk scores
CVSS 3.1
- Type
- Primary
- Base score
- 9.6
- Impact score
- 6
- Exploitability score
- 2.8
- Vector string
- CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H
- Severity
- CRITICAL
CVSS 2.0
- Type
- Primary
- Base score
- 6.8
- Impact score
- 6.4
- Exploitability score
- 8.6
- Vector string
- AV:N/AC:M/Au:N/C:P/I:P/A:P
Weaknesses
- nvd@nist.gov
- CWE-611
Configurations
[
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:a:latexdraw_project:latexdraw:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "37717FAE-F7D3-4A17-9E3C-3ACEBBFB00DF",
            "versionEndIncluding": "3.3.9"
          },
          {
            "criteria": "cpe:2.3:a:latexdraw_project:latexdraw:4.0:beta1:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "A35CB480-8A58-46AA-B908-66789C40BD20"
          },
          {
            "criteria": "cpe:2.3:a:latexdraw_project:latexdraw:4.0:beta2:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "168E806D-33EF-41D2-B04E-C2F65E16DD09"
          }
        ],
        "operator": "OR"
      }
    ]
  }
]