SB2016070804 - XML SVG image external entity processing flaw in Apple Safari
Published: July 8, 2016 Updated: July 12, 2020
Breakdown by Severity
- Low
- Medium
- High
- Critical
Description
This security bulletin contains information about 1 vulnerability.
1) XML SVG image external entity processing flaw (CVE-ID: N/A)
CWE-ID: CWE-611 - Improper Restriction of XML External Entity Reference ('XXE')
CVSSv4: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:H/VI:N/VA:N/SC:L/SI:N/SA:N/E:U/U:Amber
The vulnerability allows a remote attacker to conduct XML external entity attacks to obtain files on the target system in certain cases. The vulnerability exists in SVG image external entity processing. A remote unauthenticated attacker can read files on the target user's system by creating a specially crafted SVG image, when it is loaded by the target user. Successful exploitation of this vulnerability may result in disclosure of system information,
Remediation
Cybersecurity Help is not aware of any official remediation provided by the vendor.