XML SVG image external entity processing flaw in Apple Safari - #VU104

 


Published: July 8, 2016 / Updated: July 12, 2020


Vulnerability identifier: #VU104
CSH Severity: High
CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:H/VI:N/VA:N/SC:L/SI:N/SA:N/E:U/U:Amber
CVE-ID: N/A
CWE-ID: CWE-611
Exploitation vector: Remote access
Exploit availability: No public exploit available
Vendor: Apple Inc.
Affected software:
Apple Safari

Detailed vulnerability description

The vulnerability allows a remote attacker to conduct XML external entity (XXE) attacks and, in certain cases, obtain files from the target system. The vulnerability exists in the processing of external entities in SVG images. A remote unauthenticated attacker can create a specially crafted SVG image and read files on the target user's system when that user loads the image. Successful exploitation of this vulnerability may result in disclosure of system information,
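The external entity declarations that this class of flaw (CWE-611) relies on can be found in an SVG file before it is served or opened. The following is an added example, not code from this advisory or from Apple; the function name `scan_svg` and the sample documents are constructed for illustration.

```python
import xml.parsers.expat

def scan_svg(svg_bytes):
    """List (kind, name, system_id) for DTD constructs that can pull in external data.

    Only declarations are reported: no ExternalEntityRefHandler is installed and
    parameter-entity parsing stays at expat's default (never), so the scan
    itself does not open any file or URL.
    """
    findings = []
    parser = xml.parsers.expat.ParserCreate()

    def on_doctype(name, system_id, public_id, has_internal_subset):
        if system_id is not None:
            findings.append(("doctype-external", name, system_id))

    def on_entity(name, is_parameter, value, base, system_id, public_id, notation):
        if is_parameter:
            # Flag every parameter entity: with parameter-entity parsing off,
            # expat skips declarations that follow a parameter-entity
            # reference, so one could hide an external entity from this scan.
            findings.append(("entity-parameter", name, system_id))
        elif system_id is not None:  # external general entity (value is None)
            findings.append(("entity-external", name, system_id))

    parser.StartDoctypeDeclHandler = on_doctype
    parser.EntityDeclHandler = on_entity
    parser.Parse(svg_bytes, True)  # raises ExpatError on malformed XML
    return findings

# Constructed samples; the file path is a placeholder, not a real target.
SVG_EXTERNAL = b"""<?xml version="1.0"?>
<!DOCTYPE svg [
  <!ENTITY ext SYSTEM "file:///constructed/placeholder.txt">
  <!ENTITY fill "blue">
]>
<svg xmlns="http://www.w3.org/2000/svg"><text>sample</text></svg>"""

SVG_PLAIN = b'<svg xmlns="http://www.w3.org/2000/svg"><circle r="1"/></svg>'

if __name__ == "__main__":
    for label, data in (("external", SVG_EXTERNAL), ("plain", SVG_PLAIN)):
        print(label, scan_svg(data))
```

An internal entity such as `fill` is not reported, while an SVG that references the standard external DTD is reported as `doctype-external` so that a reviewer can decide whether to allow it.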

Remediation

Cybersecurity Help is currently unaware of any official solution that resolves this vulnerability.
