Debian Security Advisory 5382-1
Debian Linux Security Advisory 5382-1 - It was reported that cairosvg, a SVG converter based on Cairo, can send requests to external hosts when processing specially crafted SVG files with external file resource loading. An attacker can take advantage of this flaw to perform a server-side request forgery or denial of service. Fetching of external files is disabled by default with this update.
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

- -------------------------------------------------------------------------
Debian Security Advisory DSA-5382-1                   security@debian.org
https://www.debian.org/security/                       Salvatore Bonaccorso
April 05, 2023                        https://www.debian.org/security/faq
- -------------------------------------------------------------------------

Package        : cairosvg
CVE ID         : CVE-2023-27586
Debian Bug     : 1033295

It was reported that cairosvg, a SVG converter based on Cairo, can send
requests to external hosts when processing specially crafted SVG files
with external file resource loading. An attacker can take advantage of
this flaw to perform a server-side request forgery or denial of service.
Fetching of external files is disabled by default with this update.

For the stable distribution (bullseye), this problem has been fixed in
version 2.5.0-1.1+deb11u1.

We recommend that you upgrade your cairosvg packages.

For the detailed security status of cairosvg please refer to its
security tracker page at:
https://security-tracker.debian.org/tracker/cairosvg

Further information about Debian Security Advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://www.debian.org/security/

Mailing list: debian-security-announce@lists.debian.org
-----BEGIN PGP SIGNATURE-----

iQKTBAEBCgB9FiEERkRAmAjBceBVMd3uBUy48xNDz0QFAmQt1clfFIAAAAAALgAoaXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldDQ2NDQ0MDk4MDhDMTcxRTA1NTMxRERFRTA1NENCOEYzMTM0M0NGNDQACgkQBUy48xNDz0SHSA/+JRGHd5ccJTCZWYjtXDsq3tjP77dofbJW24Q+jEa22iQNkHHaW+k7jA+0DupIu6apNuA8WoGbBYEA24zG0c/XplIKYC7N0e+23wrX0pbamNyENIkWtFKSeY0UnYcNCSD+rL3GasVKiUOvdaWk7PZqxgIU1+ORgnvDVUHY2BB15cEVDKAvcwIrd71KkU6JbGdAoufek30UszsyMTs+ULp00uErgzq3jrxnJ5NCAnj8i7sI+DGY/aqEkOFEgZi7gIRDkK68VPMxQAUFCB7n/vIsqFrJTdwJ3xIhaZixEXgbLr4TBY1VhqixljNijSq2A72lTqotiKbXLiBy8l2vf+9T1au9qhImMViN3Sr6NDm3mjc/2wQv8ECopMiXMsbaJOjS/Fslbzc6jleK+xvhwkpwqbOYd9eyhX5FEEGdzHRJR093dy7Rp1t58QIkjOw4gS5psq6YEDtcTwyA7CAUZpZ0KGPiaM9+sY68iFsIa/b3HKnkGD+/Xp727CZLStSTYx/LOB/VSGOhxmSxQMpVJ9UMcFoCFfq+4xij1losWprs4nbEa/4CsPWWYuL/eWuMywMvev9adj55x6voruJ2eKxFFiQ+wR2JcdKXY5oXqzNAfjKLLHPjzq2co0OsIJ9x3kAM9eCct13Iq1gsz4tuj3zJgI4458cci5iMiRKjwdsClAM=
=vgG/
-----END PGP SIGNATURE-----
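The advisory's fix is to stop fetching external files by default. For a service that converts untrusted SVGs and cannot yet take the updated package, a complementary defence is to refuse any input that references a resource outside the document before it reaches the converter. The following pre-screen is an added example written for this page; it is not code from the Debian advisory or from the CairoSVG project, it uses only the Python standard library, and the hostname in the constructed sample is a placeholder. It treats fragment references (`#id`) and inline `data:` URIs as local and flags everything else carried by `href`/`xlink:href` attributes or `url(...)` values.

```python
"""Pre-screen an SVG for external resource references before handing it to
CairoSVG (added example, not from the Debian advisory or the CairoSVG
project). Refuse the file if anything points outside the document."""
import re
import xml.etree.ElementTree as ET

XLINK_NS = "http://www.w3.org/1999/xlink"

# Attributes that may carry a resource reference (SVG 1.1 uses xlink:href,
# SVG 2 also allows a plain href).
HREF_ATTRS = ("href", "{%s}href" % XLINK_NS)

# CSS-style references such as fill="url(#grad)" or style="...url(...)".
URL_FUNC_RE = re.compile(r"url\(\s*['\"]?([^'\")]+)['\"]?\s*\)", re.IGNORECASE)


def is_local_reference(ref: str) -> bool:
    """True for references that never leave the document: fragments (#id)
    and inline data: URIs. Everything else (http, https, file, relative
    paths, ...) is treated as external."""
    ref = ref.strip()
    return ref.startswith("#") or ref.lower().startswith("data:")


def find_external_references(svg_bytes: bytes) -> list:
    """Return (tag, attribute, reference) triples for every reference that
    points outside the SVG document. The stdlib expat-based parser does not
    fetch the external DTD named in a DOCTYPE, so the scan itself makes no
    network requests."""
    root = ET.fromstring(svg_bytes)
    findings = []
    for elem in root.iter():
        tag = elem.tag.split("}")[-1]  # drop the namespace for readability
        for attr, value in elem.attrib.items():
            name = attr.split("}")[-1]
            if attr in HREF_ATTRS:
                if not is_local_reference(value):
                    findings.append((tag, name, value.strip()))
                continue
            # fill="url(...)", style="fill:url(...)" and similar
            for ref in URL_FUNC_RE.findall(value):
                if not is_local_reference(ref):
                    findings.append((tag, name, ref.strip()))
    return findings


def is_safe_to_convert(svg_bytes: bytes) -> bool:
    """Policy helper: accept only SVGs with no external references."""
    return not find_external_references(svg_bytes)


# Constructed sample: a gradient fragment reference (allowed), an inline
# data: image (allowed) and an image pointing at an outside host (flagged).
# "internal.example" is a placeholder hostname, not a real target.
SAMPLE_SVG = b"""<?xml version="1.0"?>
<!DOCTYPE svg PUBLIC "-//W3C//DTD SVG 1.1//EN"
  "http://www.w3.org/Graphics/SVG/1.1/DTD/svg11.dtd">
<svg xmlns="http://www.w3.org/2000/svg" xmlns:xlink="http://www.w3.org/1999/xlink"
     width="128" height="128">
  <defs><linearGradient id="g"/></defs>
  <rect width="10" height="10" fill="url(#g)"/>
  <image width="10" height="10"
         xlink:href="data:image/png;base64,iVBORw0KGgo="/>
  <image width="10" height="10" xlink:href="http://internal.example/probe.png"/>
</svg>
"""

if __name__ == "__main__":
    for tag, attr, ref in find_external_references(SAMPLE_SVG):
        print(f"external reference in <{tag} {attr}>: {ref}")
    print("safe to convert:", is_safe_to_convert(SAMPLE_SVG))
```

Run the check on each upload and log the findings; rejecting the file (rather than silently stripping the attribute) keeps the evidence and avoids producing a half-rendered image. This is a stopgap for hosts that cannot be patched yet, not a replacement for upgrading to the fixed cairosvg package.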
Related news
# SSRF vulnerability

## Summary

When CairoSVG processes an SVG file, it can make requests to the inner host and different outside hosts.

## Operating system, version and so on

Linux, Debian (Buster) LTS core 5.10 / Parrot OS 5.1 (Electro Ara), python 3.9

## Tested CairoSVG version

2.6.0

## Details

A specially crafted SVG file that loads an external resource from a URL. Remote attackers could exploit this vulnerability to cause a scan of an organization's internal resources or a DDOS attack on external resources. It looks like this bug can affect websites and cause request forgery on the server.

## PoC

1. Generating malicious svg file:

1.1 CairoSVG_exploit.svg:

```svg
<?xml version="1.0" standalone="yes"?>
<!DOCTYPE svg PUBLIC "-//W3C//DTD SVG 1.1//EN" "http://www.w3.org/Graphics/SVG/1.1/DTD/svg11.dtd">
<svg width="128px" height="128px" xmlns="http://www.w3.org/2000/svg" xmlns:xlink="http://www.w3.org/1999/xlink" version="1.1">
<image height="200" width="200" xlink:href...
```
CairoSVG is an SVG converter based on Cairo, a 2D graphics library. Prior to version 2.7.0, Cairo can send requests to external hosts when processing SVG files. A malicious actor could send a specially crafted SVG file that allows them to perform a server-side request forgery or denial of service. Version 2.7.0 disables CairoSVG's ability to access other files online by default.