cvedb.io
CVE-2016-9181
HIGH · CVSS 7.1
EPSS exploitation probability: 0%
Published 2016-12-22T21:59:00.193 · Last modified 2026-06-17T00:55:38.250

Summary

perl-Image-Info: When parsing an SVG file, external entity expansion (XXE) was not disabled. An attacker could craft an SVG file which, when processed by an application using perl-Image-Info, could cause denial of service or, potentially, information disclosure.

Affected products

image-info_project — image-info_for_perl

Does this affect you?

Add your gear to cvedb and we'll alert you only when image-info_project ships something exploited.

Check my exposure →

References

This product uses data from the NVD API but is not endorsed or certified by the NVD. Informational only; not professional security advice.