CVE-2023-38633
MEDIUM 5.5
EPSS 43.6%
librsvg - security update
Published: 7/22/2023
Modified: 4/28/2026
Description
A directory traversal problem in the URL decoder of librsvg before 2.56.3 could be used by local or remote attackers to disclose files (on the local filesystem outside of the expected area), as demonstrated by href=".?../../../../../../../../../../etc/passwd" in an xi:include element.
Affected packages (2)
- Debian/librsvg: from 0, < 2.50.3+dfsg-1+deb11u1
- Debian/librsvg: from 0, < 2.50.3+dfsg-1+deb11u1
CVSS scores
| Source | Version | Severity | Vector |
|---|---|---|---|
| osv | CVSS 3.1 | MEDIUM 5.5 | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N |