Vulnerability Details CVE-2018-1000639
LatexDraw version <=4.0 contains a XML External Entity (XXE) vulnerability in SVG parsing functionality that can result in disclosure of data, server side request forgery, port scanning, possible rce. This attack appear to be exploitable via Specially crafted SVG file.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.003
EPSS Ranking 54.5%
CVSS Severity
CVSS v3 Score 9.6
CVSS v2 Score 6.8
References
Products affected by CVE-2018-1000639
-
cpe:2.3:a:latexdraw_project:latexdraw:3.0.0
-
cpe:2.3:a:latexdraw_project:latexdraw:3.1
-
cpe:2.3:a:latexdraw_project:latexdraw:3.2
-
cpe:2.3:a:latexdraw_project:latexdraw:3.3
-
cpe:2.3:a:latexdraw_project:latexdraw:3.3.1
-
cpe:2.3:a:latexdraw_project:latexdraw:3.3.2
-
cpe:2.3:a:latexdraw_project:latexdraw:3.3.3
-
cpe:2.3:a:latexdraw_project:latexdraw:3.3.4
-
cpe:2.3:a:latexdraw_project:latexdraw:3.3.5
-
cpe:2.3:a:latexdraw_project:latexdraw:3.3.6
-
cpe:2.3:a:latexdraw_project:latexdraw:3.3.7
-
cpe:2.3:a:latexdraw_project:latexdraw:3.3.8
-
cpe:2.3:a:latexdraw_project:latexdraw:3.3.9
-
cpe:2.3:a:latexdraw_project:latexdraw:4.0