CVE-2018-1000041
- Source
- https://nvd.nist.gov/vuln/detail/CVE-2018-1000041
- Import Source
- https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2018-1000041.json
- JSON Data
- https://api.test.osv.dev/v1/vulns/CVE-2018-1000041
- Downstream
- Related
- Published
- 2018-02-09T23:29:01.260Z
- Modified
- 2025-11-14T05:24:01.092033Z
- Severity
-
- 8.8 (High) CVSS_V3 - CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H CVSS Calculator
- Summary
- [none]
- Details
-
GNOME librsvg version before commit c6ddf2ed4d768fd88adbea2b63f575cd523022ea contains a Improper input validation vulnerability in rsvg-io.c that can result in the victim's Windows username and NTLM password hash being leaked to remote attackers through SMB. This attack appear to be exploitable via The victim must process a specially crafted SVG file containing an UNC path on Windows.
- References
Affected packages
Git
github.com/gnome/librsvg
Affected ranges
- Type
- GIT
- Repo
- https://github.com/gnome/librsvg
- Events
-
Introduced0 Unknown introduced commit / All previous commits are affectedFixed
Affected versions
2.*
2.34.0
2.34.1
2.35.0
2.35.1
2.35.2
2.36.0
2.36.1
2.36.2
2.36.3
2.36.4
2.37.0
2.39.0
2.40.0
2.40.1
2.40.10
2.40.11
2.40.12
2.40.13
2.40.14
2.40.15
2.40.16
2.40.2
2.40.3
2.40.4
2.40.5
2.40.6
2.40.7
2.40.8
2.40.9
2.41.0
2.41.1
Other
GNOME_2_4_BRANCHPOINT
LIBRSVG_0_0_1
LIBRSVG_1_0_0
LIBRSVG_1_0_1
LIBRSVG_1_0_ANCHOR
LIBRSVG_1_1_1
LIBRSVG_1_1_2
LIBRSVG_1_1_3
LIBRSVG_1_1_4
LIBRSVG_1_1_5
LIBRSVG_1_1_6
LIBRSVG_2_0_1
LIBRSVG_2_1_0
LIBRSVG_2_1_1
LIBRSVG_2_1_2
LIBRSVG_2_1_3
LIBRSVG_2_1_4
LIBRSVG_2_1_5
LIBRSVG_2_22_3
LIBRSVG_2_26_2
LIBRSVG_2_26_3
LIBRSVG_2_2_0
LIBRSVG_2_31_0
help
librsvg-2-13-3
librsvg-2-13-90
librsvg-2-13-93
release-2-2-4
release-2-2-5
release-2-3-0
release-2-4-0
github.com/imagemagick/rsvg
Affected ranges
- Type
- GIT
- Repo
- https://github.com/imagemagick/rsvg
- Events
-
Introduced0 Unknown introduced commit / All previous commits are affectedFixed
Database specific
vanir_signatures
[
{
"digest": {
"length": 459.0,
"function_hash": "286195117430778398300004990827169289423"
},
"target": {
"file": "rsvg-io.c",
"function": "_rsvg_io_get_file_path"
},
"deprecated": false,
"id": "CVE-2018-1000041-1102b600",
"signature_version": "v1",
"source": "https://github.com/imagemagick/rsvg/commit/f9d69eadd2b16b00d1a1f9f286122123f8e547dd",
"signature_type": "Function"
},
{
"digest": {
"line_hashes": [
"86022843286549888837123888105820422322",
"259425425816889724692286720210443290915",
"334295550670766026233948921873805680696",
"46920378987764707177351963029730365800"
],
"threshold": 0.9
},
"target": {
"file": "rsvg-io.c"
},
"deprecated": false,
"id": "CVE-2018-1000041-b44f622c",
"signature_version": "v1",
"source": "https://github.com/imagemagick/rsvg/commit/f9d69eadd2b16b00d1a1f9f286122123f8e547dd",
"signature_type": "Line"
}
]
gitlab.gnome.org/GNOME/librsvg
Affected ranges
- Type
- GIT
- Repo
- https://gitlab.gnome.org/GNOME/librsvg
- Events
-
Introduced0 Unknown introduced commit / All previous commits are affectedFixed
Affected versions
2.*
2.34.0
2.34.1
2.35.0
2.35.1
2.35.2
2.36.0
2.36.1
2.36.2
2.36.3
2.36.4
2.37.0
2.39.0
2.40.0
2.40.1
2.40.10
2.40.11
2.40.12
2.40.13
2.40.14
2.40.15
2.40.16
2.40.2
2.40.3
2.40.4
2.40.5
2.40.6
2.40.7
2.40.8
2.40.9
2.41.0
2.41.1
Other
GNOME_2_4_BRANCHPOINT
LIBRSVG_0_0_1
LIBRSVG_1_0_0
LIBRSVG_1_0_1
LIBRSVG_1_0_ANCHOR
LIBRSVG_1_1_1
LIBRSVG_1_1_2
LIBRSVG_1_1_3
LIBRSVG_1_1_4
LIBRSVG_1_1_5
LIBRSVG_1_1_6
LIBRSVG_2_0_1
LIBRSVG_2_1_0
LIBRSVG_2_1_1
LIBRSVG_2_1_2
LIBRSVG_2_1_3
LIBRSVG_2_1_4
LIBRSVG_2_1_5
LIBRSVG_2_22_3
LIBRSVG_2_26_2
LIBRSVG_2_26_3
LIBRSVG_2_2_0
LIBRSVG_2_31_0
help
librsvg-2-13-3
librsvg-2-13-90
librsvg-2-13-93
release-2-2-4
release-2-2-5
release-2-3-0
release-2-4-0