{"resultsPerPage":1,"startIndex":0,"totalResults":1,"format":"NVD_CVE","version":"2.0","timestamp":"2026-06-12T14:52:12.787","vulnerabilities":[{"cve":{"id":"CVE-2018-1000639","sourceIdentifier":"cve@mitre.org","published":"2018-08-20T19:31:35.497","lastModified":"2024-11-21T03:40:18.057","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"LatexDraw version <=4.0 contains a XML External Entity (XXE) vulnerability in SVG parsing functionality that can result in disclosure of data, server side request forgery, port scanning, possible rce. This attack appear to be exploitable via Specially crafted SVG file."},{"lang":"es","value":"LatexDraw en versiones 4.0 y anteriores contiene una vulnerabilidad XXE (XML External Entity) en la funcionalidad de análisis de SVG que puede resultar en la divulgación de datos, Server-Side Request Forgery (SSRF), el escaneo de puertos y un posible RCE. Parece ser que este ataque puede ser explotado mediante un archivo SVG especialmente manipulado."}],"metrics":{"cvssMetricV31":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H","baseScore":9.6,"baseSeverity":"CRITICAL","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"CHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":2.8,"impactScore":6.0}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:M/Au:N/C:P/I:P/A:P","baseScore":6.8,"accessVector":"NETWORK","accessComplexity":"MEDIUM","authentication":"NONE","confidentialityImpact":"PARTIAL","integrityImpact":"PARTIAL","availabilityImpact":"PARTIAL"},"baseSeverity":"MEDIUM","exploitabilityScore":8.6,"impactScore":6.4,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":true}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-611"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:latexdraw_project:latexdraw:*:*:*:*:*:*:*:*","versionEndIncluding":"3.3.9","matchCriteriaId":"37717FAE-F7D3-4A17-9E3C-3ACEBBFB00DF"},{"vulnerable":true,"criteria":"cpe:2.3:a:latexdraw_project:latexdraw:4.0:beta1:*:*:*:*:*:*","matchCriteriaId":"A35CB480-8A58-46AA-B908-66789C40BD20"},{"vulnerable":true,"criteria":"cpe:2.3:a:latexdraw_project:latexdraw:4.0:beta2:*:*:*:*:*:*","matchCriteriaId":"168E806D-33EF-41D2-B04E-C2F65E16DD09"}]}]}],"references":[{"url":"https://0dd.zone/2018/08/05/LatexDraw-XXE/","source":"cve@mitre.org","tags":["Exploit","Third Party Advisory"]},{"url":"https://github.com/arnobl/latexdraw/issues/10","source":"cve@mitre.org","tags":["Exploit","Issue Tracking","Patch","Third Party Advisory"]},{"url":"https://0dd.zone/2018/08/05/LatexDraw-XXE/","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Exploit","Third Party Advisory"]},{"url":"https://github.com/arnobl/latexdraw/issues/10","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Exploit","Issue Tracking","Patch","Third Party Advisory"]}]}}]}