CVE-2018-1000639

Published August 20th, 2018

View on NVD ↗

CVSS v3

9.6

CRITICAL

CVSS v2

6.8

MEDIUM

Affected

PROJECT

Description

LatexDraw version <=4.0 contains a XML External Entity (XXE) vulnerability in SVG parsing functionality that can result in disclosure of data, server side request forgery, port scanning, possible rce. This attack appear to be exploitable via Specially crafted SVG file.

latexdraw/latexdraw

A vector drawing editor for LaTeX (JavaFX).

GitHub

446