GNOME librsvg version before commit c6ddf2ed4d768fd88adbea2b63f575cd523022ea contains a Improper input validation vulnerability in rsvg-io.c that can result in the victims Windows username and NTLM password hash being leaked to remote attackers through SMB. This attack appear to be exploitable via The victim must process a specially crafted SVG file containing an UNC path on Windows.
Name | Vendor | Start Version | End Version |
---|---|---|---|
Librsvg | Gnome | * | 2.41.2 (excluding) |
Librsvg | Ubuntu | upstream | * |