3

Since SVG is built heavily if not entirely on XML, can one of the attacks that can be carried out through XML such as XXE injection be carried out from an SVG file?

Amirius

1 Answer

1

XXE vulnerabilities are all to do with the parser. If the parser that processes the SVG file grabs external entities without verification, then it is vulnerable.

For an example, see this vulnerability in an Apache library.

SilverlightFox
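
An added illustration of the answer's point that the exposure sits in the parser (this is not code from the answer or from the library it links to): a pre-parse audit in Python, using the standard library's expat bindings, that reports DOCTYPE and entity declarations in an SVG without fetching anything. The function names, both sample documents and the placeholder file URI are constructed for this example.

```python
import xml.parsers.expat as expat

# Constructed sample: an SVG whose internal DTD subset declares an external entity.
SAMPLE_XXE_SVG = b"""<?xml version="1.0"?>
<!DOCTYPE svg [
  <!ENTITY xxe SYSTEM "file:///constructed/placeholder.txt">
]>
<svg xmlns="http://www.w3.org/2000/svg" width="100" height="20">
  <text x="0" y="15">&xxe;</text>
</svg>"""

# Constructed sample: an ordinary SVG with no DTD at all.
SAMPLE_PLAIN_SVG = b"""<svg xmlns="http://www.w3.org/2000/svg" width="10" height="10">
  <rect width="10" height="10"/>
</svg>"""


def audit_svg(data):
    """Return (kind, name, system_id) findings; nothing external is ever loaded."""
    findings = []
    parser = expat.ParserCreate()

    def on_doctype(name, system_id, public_id, has_internal_subset):
        findings.append(("doctype", name, system_id))

    def on_entity_decl(name, is_param, value, base, system_id, public_id, notation):
        kind = "external-entity" if system_id is not None else "internal-entity"
        findings.append((kind, name, system_id))

    def on_external_ref(context, base, system_id, public_id):
        # Record the reference and tell expat to continue without resolving it.
        findings.append(("external-ref", context, system_id))
        return 1

    parser.StartDoctypeDeclHandler = on_doctype
    parser.EntityDeclHandler = on_entity_decl
    parser.ExternalEntityRefHandler = on_external_ref
    try:
        parser.Parse(data, True)
    except expat.ExpatError as exc:
        findings.append(("malformed", str(exc), None))
    return findings


def svg_is_acceptable(data):
    """Policy for untrusted uploads: no DTD, no entities, well-formed XML only."""
    return not audit_svg(data)
```

Rejecting any document with a DOCTYPE is stricter than blocking external entities alone, and is a reasonable default for user-supplied SVG because legitimate files rarely need one.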