CVE-2018-1000041 SUSE CVE security@suse.de SUSE Security Team SUSE CVE-2018-1000041 Interim 1 25 2026-03-05T06:32:54Z current 2021-05-30T14:20:19Z 2026-03-05T06:32:54Z cve-database/bin/generate-cvrf-cve.pl 2020-12-27T01:00:00Z CVE-2018-1000041 GNOME librsvg version before commit c6ddf2ed4d768fd88adbea2b63f575cd523022ea contains a Improper input validation vulnerability in rsvg-io.c that can result in the victim's Windows username and NTLM password hash being leaked to remote attackers through SMB. This attack appear to be exploitable via The victim must process a specially crafted SVG file containing an UNC path on Windows. The CVRF data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0). https://lists.suse.com/pipermail/sle-security-updates/2018-May/004049.html E-Mail link for SUSE-SU-2018:1288-1 https://lists.suse.com/pipermail/sle-security-updates/2020-March/006618.html E-Mail link for SUSE-SU-2020:14323-1 https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/DTKWC72TTFQRPDIR7NQAP626FP6F3FZR/#DTKWC72TTFQRPDIR7NQAP626FP6F3FZR E-Mail link for openSUSE-SU-2018:1310-1 https://www.suse.com/support/security/rating/ SUSE Security Ratings Image SLES12-SP5-SAP-Azure-LI-BYOS-Production Image SLES12-SP5-SAP-Azure-VLI-BYOS-Production SUSE Linux Enterprise Desktop 12 SP3 SUSE Linux Enterprise Software Development Kit 12 SP3 SUSE Linux Enterprise Desktop 12 SP4 SUSE Linux Enterprise Software Development Kit 12 SP4 SUSE Linux Enterprise High Performance Computing 12 SP5 SUSE Linux Enterprise Server 11 SP1-TERADATA SUSE Linux Enterprise Server 11 SP3-TERADATA SUSE Linux Enterprise Server 12 SP3 SUSE Linux Enterprise Software Development Kit 12 SP3 SUSE Linux Enterprise Server 12 SP4 SUSE Linux Enterprise Software Development Kit 12 SP4 SUSE Linux Enterprise Server 12 SP5 SUSE Linux Enterprise Software Development Kit 12 SP5 SUSE Linux Enterprise Server for SAP Applications 12 SP3 SUSE Linux Enterprise Software Development Kit 12 SP3 SUSE Linux Enterprise Software Development Kit 12 SP4 SUSE Linux Enterprise Server for SAP Applications 12 SP5 SUSE Linux Enterprise Software Development Kit 12 SP5 gdk-pixbuf-loader-rsvg-2.40.20-5.6.1 libcroco-0_6-3-0.6.1-122.6.1 libcroco-0_6-3-32bit-0.6.1-122.6.1 librsvg-2-2-2.40.20-5.6.1 librsvg-2-2-32bit-2.40.20-5.6.1 librsvg-2.26.0-2.6.8.3 librsvg-32bit-2.26.0-2.6.8.3 librsvg-devel-2.40.20-5.6.1 rsvg-view-2.26.0-2.6.8.3 rsvg-view-2.40.20-5.6.1 typelib-1_0-Rsvg-2_0-2.40.20-5.6.1 gdk-pixbuf-loader-rsvg-2.40.20-5.6.1 as a component of Image SLES12-SP5-SAP-Azure-LI-BYOS-Production librsvg-2-2-2.40.20-5.6.1 as a component of Image SLES12-SP5-SAP-Azure-LI-BYOS-Production gdk-pixbuf-loader-rsvg-2.40.20-5.6.1 as a component of Image SLES12-SP5-SAP-Azure-VLI-BYOS-Production librsvg-2-2-2.40.20-5.6.1 as a component of Image SLES12-SP5-SAP-Azure-VLI-BYOS-Production gdk-pixbuf-loader-rsvg-2.40.20-5.6.1 as a component of SUSE Linux Enterprise Desktop 12 SP3 librsvg-2-2-2.40.20-5.6.1 as a component of SUSE Linux Enterprise Desktop 12 SP3 librsvg-2-2-32bit-2.40.20-5.6.1 as a component of SUSE Linux Enterprise Desktop 12 SP3 rsvg-view-2.40.20-5.6.1 as a component of SUSE Linux Enterprise Desktop 12 SP3 gdk-pixbuf-loader-rsvg-2.40.20-5.6.1 as a component of SUSE Linux Enterprise Desktop 12 SP4 librsvg-2-2-2.40.20-5.6.1 as a component of SUSE Linux Enterprise Desktop 12 SP4 librsvg-2-2-32bit-2.40.20-5.6.1 as a component of SUSE Linux Enterprise Desktop 12 SP4 rsvg-view-2.40.20-5.6.1 as a component of SUSE Linux Enterprise Desktop 12 SP4 gdk-pixbuf-loader-rsvg-2.40.20-5.6.1 as a component of SUSE Linux Enterprise High Performance Computing 12 SP5 librsvg-2-2-2.40.20-5.6.1 as a component of SUSE Linux Enterprise High Performance Computing 12 SP5 librsvg-2-2-32bit-2.40.20-5.6.1 as a component of SUSE Linux Enterprise High Performance Computing 12 SP5 rsvg-view-2.40.20-5.6.1 as a component of SUSE Linux Enterprise High Performance Computing 12 SP5 libcroco-0_6-3-0.6.1-122.6.1 as a component of SUSE Linux Enterprise Server 11 SP1-TERADATA libcroco-0_6-3-32bit-0.6.1-122.6.1 as a component of SUSE Linux Enterprise Server 11 SP1-TERADATA librsvg-2.26.0-2.6.8.3 as a component of SUSE Linux Enterprise Server 11 SP1-TERADATA librsvg-32bit-2.26.0-2.6.8.3 as a component of SUSE Linux Enterprise Server 11 SP1-TERADATA rsvg-view-2.26.0-2.6.8.3 as a component of SUSE Linux Enterprise Server 11 SP1-TERADATA libcroco-0_6-3-0.6.1-122.6.1 as a component of SUSE Linux Enterprise Server 11 SP3-TERADATA libcroco-0_6-3-32bit-0.6.1-122.6.1 as a component of SUSE Linux Enterprise Server 11 SP3-TERADATA librsvg-2.26.0-2.6.8.3 as a component of SUSE Linux Enterprise Server 11 SP3-TERADATA librsvg-32bit-2.26.0-2.6.8.3 as a component of SUSE Linux Enterprise Server 11 SP3-TERADATA rsvg-view-2.26.0-2.6.8.3 as a component of SUSE Linux Enterprise Server 11 SP3-TERADATA gdk-pixbuf-loader-rsvg-2.40.20-5.6.1 as a component of SUSE Linux Enterprise Server 12 SP3 librsvg-2-2-2.40.20-5.6.1 as a component of SUSE Linux Enterprise Server 12 SP3 librsvg-2-2-32bit-2.40.20-5.6.1 as a component of SUSE Linux Enterprise Server 12 SP3 rsvg-view-2.40.20-5.6.1 as a component of SUSE Linux Enterprise Server 12 SP3 gdk-pixbuf-loader-rsvg-2.40.20-5.6.1 as a component of SUSE Linux Enterprise Server 12 SP4 librsvg-2-2-2.40.20-5.6.1 as a component of SUSE Linux Enterprise Server 12 SP4 librsvg-2-2-32bit-2.40.20-5.6.1 as a component of SUSE Linux Enterprise Server 12 SP4 rsvg-view-2.40.20-5.6.1 as a component of SUSE Linux Enterprise Server 12 SP4 gdk-pixbuf-loader-rsvg-2.40.20-5.6.1 as a component of SUSE Linux Enterprise Server 12 SP5 librsvg-2-2-2.40.20-5.6.1 as a component of SUSE Linux Enterprise Server 12 SP5 librsvg-2-2-32bit-2.40.20-5.6.1 as a component of SUSE Linux Enterprise Server 12 SP5 rsvg-view-2.40.20-5.6.1 as a component of SUSE Linux Enterprise Server 12 SP5 gdk-pixbuf-loader-rsvg-2.40.20-5.6.1 as a component of SUSE Linux Enterprise Server for SAP Applications 12 SP3 librsvg-2-2-2.40.20-5.6.1 as a component of SUSE Linux Enterprise Server for SAP Applications 12 SP3 librsvg-2-2-32bit-2.40.20-5.6.1 as a component of SUSE Linux Enterprise Server for SAP Applications 12 SP3 rsvg-view-2.40.20-5.6.1 as a component of SUSE Linux Enterprise Server for SAP Applications 12 SP3 gdk-pixbuf-loader-rsvg-2.40.20-5.6.1 as a component of SUSE Linux Enterprise Server for SAP Applications 12 SP5 librsvg-2-2-2.40.20-5.6.1 as a component of SUSE Linux Enterprise Server for SAP Applications 12 SP5 librsvg-2-2-32bit-2.40.20-5.6.1 as a component of SUSE Linux Enterprise Server for SAP Applications 12 SP5 rsvg-view-2.40.20-5.6.1 as a component of SUSE Linux Enterprise Server for SAP Applications 12 SP5 librsvg-devel-2.40.20-5.6.1 as a component of SUSE Linux Enterprise Software Development Kit 12 SP3 typelib-1_0-Rsvg-2_0-2.40.20-5.6.1 as a component of SUSE Linux Enterprise Software Development Kit 12 SP3 librsvg-devel-2.40.20-5.6.1 as a component of SUSE Linux Enterprise Software Development Kit 12 SP4 typelib-1_0-Rsvg-2_0-2.40.20-5.6.1 as a component of SUSE Linux Enterprise Software Development Kit 12 SP4 librsvg-devel-2.40.20-5.6.1 as a component of SUSE Linux Enterprise Software Development Kit 12 SP5 typelib-1_0-Rsvg-2_0-2.40.20-5.6.1 as a component of SUSE Linux Enterprise Software Development Kit 12 SP5 GNOME librsvg version before commit c6ddf2ed4d768fd88adbea2b63f575cd523022ea contains a Improper input validation vulnerability in rsvg-io.c that can result in the victim's Windows username and NTLM password hash being leaked to remote attackers through SMB. This attack appear to be exploitable via The victim must process a specially crafted SVG file containing an UNC path on Windows. CVE-2018-1000041 Image SLES12-SP5-SAP-Azure-LI-BYOS-Production:gdk-pixbuf-loader-rsvg-2.40.20-5.6.1 Image SLES12-SP5-SAP-Azure-LI-BYOS-Production:librsvg-2-2-2.40.20-5.6.1 Image SLES12-SP5-SAP-Azure-VLI-BYOS-Production:gdk-pixbuf-loader-rsvg-2.40.20-5.6.1 Image SLES12-SP5-SAP-Azure-VLI-BYOS-Production:librsvg-2-2-2.40.20-5.6.1 SUSE Linux Enterprise Desktop 12 SP3:gdk-pixbuf-loader-rsvg-2.40.20-5.6.1 SUSE Linux Enterprise Desktop 12 SP3:librsvg-2-2-2.40.20-5.6.1 SUSE Linux Enterprise Desktop 12 SP3:librsvg-2-2-32bit-2.40.20-5.6.1 SUSE Linux Enterprise Desktop 12 SP3:rsvg-view-2.40.20-5.6.1 SUSE Linux Enterprise Desktop 12 SP4:gdk-pixbuf-loader-rsvg-2.40.20-5.6.1 SUSE Linux Enterprise Desktop 12 SP4:librsvg-2-2-2.40.20-5.6.1 SUSE Linux Enterprise Desktop 12 SP4:librsvg-2-2-32bit-2.40.20-5.6.1 SUSE Linux Enterprise Desktop 12 SP4:rsvg-view-2.40.20-5.6.1 SUSE Linux Enterprise High Performance Computing 12 SP5:gdk-pixbuf-loader-rsvg-2.40.20-5.6.1 SUSE Linux Enterprise High Performance Computing 12 SP5:librsvg-2-2-2.40.20-5.6.1 SUSE Linux Enterprise High Performance Computing 12 SP5:librsvg-2-2-32bit-2.40.20-5.6.1 SUSE Linux Enterprise High Performance Computing 12 SP5:rsvg-view-2.40.20-5.6.1 SUSE Linux Enterprise Server 11 SP1-TERADATA:libcroco-0_6-3-0.6.1-122.6.1 SUSE Linux Enterprise Server 11 SP1-TERADATA:libcroco-0_6-3-32bit-0.6.1-122.6.1 SUSE Linux Enterprise Server 11 SP1-TERADATA:librsvg-2.26.0-2.6.8.3 SUSE Linux Enterprise Server 11 SP1-TERADATA:librsvg-32bit-2.26.0-2.6.8.3 SUSE Linux Enterprise Server 11 SP1-TERADATA:rsvg-view-2.26.0-2.6.8.3 SUSE Linux Enterprise Server 11 SP3-TERADATA:libcroco-0_6-3-0.6.1-122.6.1 SUSE Linux Enterprise Server 11 SP3-TERADATA:libcroco-0_6-3-32bit-0.6.1-122.6.1 SUSE Linux Enterprise Server 11 SP3-TERADATA:librsvg-2.26.0-2.6.8.3 SUSE Linux Enterprise Server 11 SP3-TERADATA:librsvg-32bit-2.26.0-2.6.8.3 SUSE Linux Enterprise Server 11 SP3-TERADATA:rsvg-view-2.26.0-2.6.8.3 SUSE Linux Enterprise Server 12 SP3:gdk-pixbuf-loader-rsvg-2.40.20-5.6.1 SUSE Linux Enterprise Server 12 SP3:librsvg-2-2-2.40.20-5.6.1 SUSE Linux Enterprise Server 12 SP3:librsvg-2-2-32bit-2.40.20-5.6.1 SUSE Linux Enterprise Server 12 SP3:rsvg-view-2.40.20-5.6.1 SUSE Linux Enterprise Server 12 SP4:gdk-pixbuf-loader-rsvg-2.40.20-5.6.1 SUSE Linux Enterprise Server 12 SP4:librsvg-2-2-2.40.20-5.6.1 SUSE Linux Enterprise Server 12 SP4:librsvg-2-2-32bit-2.40.20-5.6.1 SUSE Linux Enterprise Server 12 SP4:rsvg-view-2.40.20-5.6.1 SUSE Linux Enterprise Server 12 SP5:gdk-pixbuf-loader-rsvg-2.40.20-5.6.1 SUSE Linux Enterprise Server 12 SP5:librsvg-2-2-2.40.20-5.6.1 SUSE Linux Enterprise Server 12 SP5:librsvg-2-2-32bit-2.40.20-5.6.1 SUSE Linux Enterprise Server 12 SP5:rsvg-view-2.40.20-5.6.1 SUSE Linux Enterprise Server for SAP Applications 12 SP3:gdk-pixbuf-loader-rsvg-2.40.20-5.6.1 SUSE Linux Enterprise Server for SAP Applications 12 SP3:librsvg-2-2-2.40.20-5.6.1 SUSE Linux Enterprise Server for SAP Applications 12 SP3:librsvg-2-2-32bit-2.40.20-5.6.1 SUSE Linux Enterprise Server for SAP Applications 12 SP3:rsvg-view-2.40.20-5.6.1 SUSE Linux Enterprise Server for SAP Applications 12 SP5:gdk-pixbuf-loader-rsvg-2.40.20-5.6.1 SUSE Linux Enterprise Server for SAP Applications 12 SP5:librsvg-2-2-2.40.20-5.6.1 SUSE Linux Enterprise Server for SAP Applications 12 SP5:librsvg-2-2-32bit-2.40.20-5.6.1 SUSE Linux Enterprise Server for SAP Applications 12 SP5:rsvg-view-2.40.20-5.6.1 SUSE Linux Enterprise Software Development Kit 12 SP3:librsvg-devel-2.40.20-5.6.1 SUSE Linux Enterprise Software Development Kit 12 SP3:typelib-1_0-Rsvg-2_0-2.40.20-5.6.1 SUSE Linux Enterprise Software Development Kit 12 SP4:librsvg-devel-2.40.20-5.6.1 SUSE Linux Enterprise Software Development Kit 12 SP4:typelib-1_0-Rsvg-2_0-2.40.20-5.6.1 SUSE Linux Enterprise Software Development Kit 12 SP5:librsvg-devel-2.40.20-5.6.1 SUSE Linux Enterprise Software Development Kit 12 SP5:typelib-1_0-Rsvg-2_0-2.40.20-5.6.1 important 4.3 AV:N/AC:M/Au:N/C:P/I:N/A:N 8.8 CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H