*** This bug is a security vulnerability ***

Public security bug reported:

There's an exploit published on July 8, 2008 at
http://www.milw0rm.com/exploits/6029 that says:

"Malicious SVG file DoS

The following applications were tested in their latest revisions:
Firefox's "browse for file, preview" object on linux: affected
evince on linux: affected
eog on linux: affected
gimp on linux: affected
inkscape on linux: unaffected
Microsoft Visio on windows: unaffected

It is unknown at this time whether code execution is possible..."

Unfortunately I currently lack the resources to verify the existence of
the vulnerability.

WARNING: the .zip file might harm your computer. Don't open it on your
normal machine. A more or less safe way to test it would be to
physically disconnect any important devices (all hard disks, network
connections to any networks that trust your machine, etc.) and to boot
from a live CD. But you should still know what you're doing.

** Affects: eog (Ubuntu)
     Importance: Undecided
         Status: New

** Affects: evince (Ubuntu)
     Importance: Undecided
         Status: New

** Affects: firefox (Ubuntu)
     Importance: Undecided
         Status: New

** Affects: firefox-3.0 (Ubuntu)
     Importance: Undecided
         Status: New

** Affects: gimp (Ubuntu)
     Importance: Undecided
         Status: New

** Visibility changed to: Public

** Changed in: firefox-3.0 (Ubuntu)
Sourcepackagename: None => firefox-3.0

** Also affects: firefox (Ubuntu)
   Importance: Undecided
       Status: New

** Also affects: evince (Ubuntu)
   Importance: Undecided
       Status: New

** Also affects: eog (Ubuntu)
   Importance: Undecided
       Status: New

** Also affects: gimp (Ubuntu)
   Importance: Undecided
       Status: New

-- 
Possible SVG vulnerability affecting Firefox, evince, eog, Gimp and more
https://bugs.launchpad.net/bugs/253804