High severity8.8NVD Advisory· Published Feb 9, 2018· Updated Jun 17, 2026
CVE-2018-1000041
CVE-2018-1000041
Description
GNOME librsvg version before commit c6ddf2ed4d768fd88adbea2b63f575cd523022ea contains a Improper input validation vulnerability in rsvg-io.c that can result in the victim's Windows username and NTLM password hash being leaked to remote attackers through SMB. This attack appear to be exploitable via The victim must process a specially crafted SVG file containing an UNC path on Windows.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
5- Range: < c6ddf2ed4d768fd88adbea2b63f575cd523022ea
- osv-coords4 versionspkg:rpm/suse/librsvg&distro=SUSE%20Linux%20Enterprise%20Desktop%2012%20SP3pkg:rpm/suse/librsvg&distro=SUSE%20Linux%20Enterprise%20Server%2012%20SP3pkg:rpm/suse/librsvg&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2012%20SP3pkg:rpm/suse/librsvg&distro=SUSE%20Linux%20Enterprise%20Software%20Development%20Kit%2012%20SP3
< 2.40.20-5.6.1+ 3 more
- (no CPE)range: < 2.40.20-5.6.1
- (no CPE)range: < 2.40.20-5.6.1
- (no CPE)range: < 2.40.20-5.6.1
- (no CPE)range: < 2.40.20-5.6.1
Patches
Vulnerability mechanics
References
3- github.com/GNOME/librsvg/commit/c6ddf2ed4d768fd88adbea2b63f575cd523022eanvdThird Party Advisory
- github.com/ImageMagick/librsvg/commit/f9d69eadd2b16b00d1a1f9f286122123f8e547ddnvdThird Party Advisory
- lists.debian.org/debian-lts-announce/2018/02/msg00013.htmlnvdThird Party Advisory
News mentions
0No linked articles in our index yet.