XXE Vulnerability in perl-Image-Info Allows Denial of Service and Information Disclosure

XXE Vulnerability in perl-Image-Info Allows Denial of Service and Information Disclosure

CVE-2016-9181 · MEDIUM Severity

AV:N/AC:M/AU:N/C:P/I:N/A:P

perl-Image-Info: When parsing an SVG file, external entity expansion (XXE) was not disabled. An attacker could craft an SVG file which, when processed by an application using perl-Image-Info, could cause denial of service or, potentially, information disclosure.

Learn more about our External Network Penetration Testing.