Vulnerabilites related to inkscape - inkscape
Vulnerability from fkie_nvd
Published
2013-03-12 22:55
Modified
2024-11-21 01:45
Severity ?
Summary
Inkscape before 0.48.4 reads .eps files from /tmp instead of the current directory, which might cause Inkspace to process unintended files, allow local users to obtain sensitive information, and possibly have other unspecified impacts.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| inkscape | inkscape | * | |
| inkscape | inkscape | 0.37 | |
| inkscape | inkscape | 0.38.1 | |
| inkscape | inkscape | 0.39 | |
| inkscape | inkscape | 0.40 | |
| inkscape | inkscape | 0.41 | |
| inkscape | inkscape | 0.42 | |
| inkscape | inkscape | 0.42.2 | |
| inkscape | inkscape | 0.43 | |
| inkscape | inkscape | 0.44 | |
| inkscape | inkscape | 0.44.1 | |
| inkscape | inkscape | 0.45.1 | |
| inkscape | inkscape | 0.46 | |
| inkscape | inkscape | 0.47 | |
| inkscape | inkscape | 0.47 | |
| inkscape | inkscape | 0.47 | |
| inkscape | inkscape | 0.47 | |
| inkscape | inkscape | 0.47 | |
| inkscape | inkscape | 0.47 | |
| inkscape | inkscape | 0.48 | |
| inkscape | inkscape | 0.48 | |
| inkscape | inkscape | 0.48 | |
| inkscape | inkscape | 0.48.1 | |
| inkscape | inkscape | 0.48.2 | |
| inkscape | inkscape | 0.48.3 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:inkscape:inkscape:*:*:*:*:*:*:*:*",
"matchCriteriaId": "EB0BA758-CE2D-4A56-820C-0431218E13B8",
"versionEndIncluding": "0.48.3.1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:inkscape:inkscape:0.37:*:*:*:*:*:*:*",
"matchCriteriaId": "F6A7E0CA-0853-474E-9A34-0816F50C9D76",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:inkscape:inkscape:0.38.1:*:*:*:*:*:*:*",
"matchCriteriaId": "18AAE17E-C96C-4D66-8A04-A5D3AE14FE4D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:inkscape:inkscape:0.39:*:*:*:*:*:*:*",
"matchCriteriaId": "018BA031-B337-4B29-9991-82FB9F750331",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:inkscape:inkscape:0.40:*:*:*:*:*:*:*",
"matchCriteriaId": "6D218B9A-193B-4956-B710-8998FC60A6F3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:inkscape:inkscape:0.41:*:*:*:*:*:*:*",
"matchCriteriaId": "A061EEF7-FBD3-4BBD-BCAA-9F765567C606",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:inkscape:inkscape:0.42:*:*:*:*:*:*:*",
"matchCriteriaId": "57038D30-192C-4899-A705-E951E162B871",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:inkscape:inkscape:0.42.2:*:*:*:*:*:*:*",
"matchCriteriaId": "4783CB07-5F32-4FF6-85D4-2F3FE21DD75B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:inkscape:inkscape:0.43:*:*:*:*:*:*:*",
"matchCriteriaId": "6EAE5DD1-E2DB-4905-83B2-348257A4E49C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:inkscape:inkscape:0.44:*:*:*:*:*:*:*",
"matchCriteriaId": "F6EBAFFC-12A6-42D2-9840-289BFD720F8A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:inkscape:inkscape:0.44.1:*:*:*:*:*:*:*",
"matchCriteriaId": "594EE688-2DF3-4816-8555-3E5B4EFAFC95",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:inkscape:inkscape:0.45.1:*:*:*:*:*:*:*",
"matchCriteriaId": "3C54073A-438C-4D51-99CD-C2144D6A8150",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:inkscape:inkscape:0.46:*:*:*:*:*:*:*",
"matchCriteriaId": "2FE96B25-32B9-4FD2-8B10-80DD350EB759",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:inkscape:inkscape:0.47:*:*:*:*:*:*:*",
"matchCriteriaId": "BAA0CE4F-3AD3-4B44-8BC8-9674D94D3408",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:inkscape:inkscape:0.47:pre0:*:*:*:*:*:*",
"matchCriteriaId": "5C3B3BAF-BAD4-4BC5-83D4-8325D783E461",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:inkscape:inkscape:0.47:pre1:*:*:*:*:*:*",
"matchCriteriaId": "06842246-AA84-4BEA-A0FE-B46E45711213",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:inkscape:inkscape:0.47:pre2:*:*:*:*:*:*",
"matchCriteriaId": "A761AB84-5B22-453D-B14A-5E49AD8F1263",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:inkscape:inkscape:0.47:pre3:*:*:*:*:*:*",
"matchCriteriaId": "81739054-C209-4216-8567-E8FC3D749712",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:inkscape:inkscape:0.47:pre4:*:*:*:*:*:*",
"matchCriteriaId": "BE454063-D98C-4D5D-BA20-AE9333024D70",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:inkscape:inkscape:0.48:*:*:*:*:*:*:*",
"matchCriteriaId": "F10B9C61-F0BB-4176-A6C4-5AC8663DE0E7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:inkscape:inkscape:0.48:pre0:*:*:*:*:*:*",
"matchCriteriaId": "8360E1BF-499F-4170-994D-4677D4613133",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:inkscape:inkscape:0.48:pre1:*:*:*:*:*:*",
"matchCriteriaId": "9FF25DD6-BED2-41C5-AD6E-488F96A80FCE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:inkscape:inkscape:0.48.1:*:*:*:*:*:*:*",
"matchCriteriaId": "5B48456C-5B4C-444A-8A37-F6953A800D15",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:inkscape:inkscape:0.48.2:*:*:*:*:*:*:*",
"matchCriteriaId": "89281174-55F9-4B0C-B4BE-9128768B703E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:inkscape:inkscape:0.48.3:*:*:*:*:*:*:*",
"matchCriteriaId": "0A743F6F-5BC8-4D14-9DC3-E3EDD3695C24",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Inkscape before 0.48.4 reads .eps files from /tmp instead of the current directory, which might cause Inkspace to process unintended files, allow local users to obtain sensitive information, and possibly have other unspecified impacts."
},
{
"lang": "es",
"value": "Inkscape anterior a v0.48.4 lee ficheros .eps desde /tmp en lugar del directorio actual, permitiendo a usuarios locales obtener informaci\u00f3n sensible y posiblemente tener otro impacto no especificado."
}
],
"id": "CVE-2012-6076",
"lastModified": "2024-11-21T01:45:46.203",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "LOCAL",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 4.4,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:L/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 3.4,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
]
},
"published": "2013-03-12T22:55:01.113",
"references": [
{
"source": "secalert@redhat.com",
"url": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=654341"
},
{
"source": "secalert@redhat.com",
"url": "http://lists.opensuse.org/opensuse-updates/2013-02/msg00041.html"
},
{
"source": "secalert@redhat.com",
"url": "http://lists.opensuse.org/opensuse-updates/2013-02/msg00043.html"
},
{
"source": "secalert@redhat.com",
"url": "http://www.openwall.com/lists/oss-security/2012/12/30/2"
},
{
"source": "secalert@redhat.com",
"url": "http://www.ubuntu.com/usn/USN-1712-1"
},
{
"source": "secalert@redhat.com",
"url": "https://bugs.launchpad.net/inkscape/+bug/911146"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=654341"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://lists.opensuse.org/opensuse-updates/2013-02/msg00041.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://lists.opensuse.org/opensuse-updates/2013-02/msg00043.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.openwall.com/lists/oss-security/2012/12/30/2"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.ubuntu.com/usn/USN-1712-1"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://bugs.launchpad.net/inkscape/+bug/911146"
}
],
"sourceIdentifier": "secalert@redhat.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-264"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2022-05-18 17:15
Modified
2024-11-21 06:28
Severity ?
3.3 (Low) - CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N
3.3 (Low) - CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N
3.3 (Low) - CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N
Summary
Inkscape version 0.91 can access an uninitialized pointer, which may allow an attacker to have access to unauthorized information.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| ics-cert@hq.dhs.gov | https://www.cisa.gov/uscert/ics/advisories/icsa-22-132-03 | Third Party Advisory, US Government Resource | |
| ics-cert@hq.dhs.gov | https://www.integraxor.com/scada-animation-graphic-editor-extension-inkscape/ | Exploit, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://www.cisa.gov/uscert/ics/advisories/icsa-22-132-03 | Third Party Advisory, US Government Resource | |
| af854a3a-2127-422b-91ae-364da2661108 | https://www.integraxor.com/scada-animation-graphic-editor-extension-inkscape/ | Exploit, Third Party Advisory |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:inkscape:inkscape:0.91:*:*:*:*:*:*:*",
"matchCriteriaId": "DF5D548A-F1D4-4BAA-96BA-DA562A78C5C6",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Inkscape version 0.91 can access an uninitialized pointer, which may allow an attacker to have access to unauthorized information."
},
{
"lang": "es",
"value": "La versi\u00f3n 0.91 de Inkscape puede acceder a un puntero no inicializado, lo que puede permitir a un atacante tener acceso a informaci\u00f3n no autorizada"
}
],
"id": "CVE-2021-42702",
"lastModified": "2024-11-21T06:28:00.253",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 3.3,
"baseSeverity": "LOW",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N",
"version": "3.1"
},
"exploitabilityScore": 1.8,
"impactScore": 1.4,
"source": "ics-cert@hq.dhs.gov",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 3.3,
"baseSeverity": "LOW",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N",
"version": "3.1"
},
"exploitabilityScore": 1.8,
"impactScore": 1.4,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2022-05-18T17:15:08.147",
"references": [
{
"source": "ics-cert@hq.dhs.gov",
"tags": [
"Third Party Advisory",
"US Government Resource"
],
"url": "https://www.cisa.gov/uscert/ics/advisories/icsa-22-132-03"
},
{
"source": "ics-cert@hq.dhs.gov",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://www.integraxor.com/scada-animation-graphic-editor-extension-inkscape/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"US Government Resource"
],
"url": "https://www.cisa.gov/uscert/ics/advisories/icsa-22-132-03"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://www.integraxor.com/scada-animation-graphic-editor-extension-inkscape/"
}
],
"sourceIdentifier": "ics-cert@hq.dhs.gov",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-824"
}
],
"source": "ics-cert@hq.dhs.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2013-01-18 11:48
Modified
2024-11-21 01:45
Severity ?
Summary
The rasterization process in Inkscape before 0.48.4 allows local users to read arbitrary files via an external entity in a SVG file, aka an XML external entity (XXE) injection attack.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| inkscape | inkscape | * | |
| fedoraproject | fedora | 16 | |
| fedoraproject | fedora | 17 | |
| fedoraproject | fedora | 18 | |
| canonical | ubuntu_linux | 10.04 | |
| canonical | ubuntu_linux | 11.10 | |
| canonical | ubuntu_linux | 12.04 | |
| canonical | ubuntu_linux | 12.10 | |
| opensuse | opensuse | 11.4 | |
| opensuse | opensuse | 12.1 | |
| opensuse | opensuse | 12.2 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:inkscape:inkscape:*:*:*:*:*:*:*:*",
"matchCriteriaId": "2FBD7F12-C6DE-401D-8EF8-0E0D33C40EEA",
"versionEndExcluding": "0.48.4",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:fedoraproject:fedora:16:*:*:*:*:*:*:*",
"matchCriteriaId": "706C6399-CAD1-46E3-87A2-8DFE2CF497ED",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:fedoraproject:fedora:17:*:*:*:*:*:*:*",
"matchCriteriaId": "2DA9D861-3EAF-42F5-B0B6-A4CD7BDD6188",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:fedoraproject:fedora:18:*:*:*:*:*:*:*",
"matchCriteriaId": "E14271AE-1309-48F3-B9C6-D7DEEC488279",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:canonical:ubuntu_linux:10.04:*:*:*:-:*:*:*",
"matchCriteriaId": "01EDA41C-6B2E-49AF-B503-EB3882265C11",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:canonical:ubuntu_linux:11.10:*:*:*:*:*:*:*",
"matchCriteriaId": "E4174F4F-149E-41A6-BBCC-D01114C05F38",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:canonical:ubuntu_linux:12.04:*:*:*:-:*:*:*",
"matchCriteriaId": "CB66DB75-2B16-4EBF-9B93-CE49D8086E41",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:canonical:ubuntu_linux:12.10:*:*:*:*:*:*:*",
"matchCriteriaId": "E2076871-2E80-4605-A470-A41C1A8EC7EE",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:opensuse:opensuse:11.4:*:*:*:*:*:*:*",
"matchCriteriaId": "DE554781-1EB9-446E-911F-6C11970C47F4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:opensuse:opensuse:12.1:*:*:*:*:*:*:*",
"matchCriteriaId": "EBB2C482-D2A4-48B3-ACE7-E1DFDCC409B5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:opensuse:opensuse:12.2:*:*:*:*:*:*:*",
"matchCriteriaId": "D806A17E-B8F9-466D-807D-3F1E77603DC8",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The rasterization process in Inkscape before 0.48.4 allows local users to read arbitrary files via an external entity in a SVG file, aka an XML external entity (XXE) injection attack."
},
{
"lang": "es",
"value": "El proceso de rasterizaci\u00f3n en Inkscape antes de v0.48.4 permite a los usuarios locales leer archivos de su elecci\u00f3n a trav\u00e9s de entidades externas en un archivo SVG. Se trata de un ataque tambi\u00e9n conocido como ataque de inyecci\u00f3n XML a una entidad externa (XXE)."
}
],
"id": "CVE-2012-5656",
"lastModified": "2024-11-21T01:45:03.713",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "LOW",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 2.1,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "NONE",
"vectorString": "AV:L/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
"exploitabilityScore": 3.9,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"exploitabilityScore": 1.8,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2013-01-18T11:48:40.323",
"references": [
{
"source": "secalert@redhat.com",
"tags": [
"Patch"
],
"url": "http://bazaar.launchpad.net/~inkscape.dev/inkscape/trunk/revision/11931"
},
{
"source": "secalert@redhat.com",
"tags": [
"Mailing List"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2012-December/095024.html"
},
{
"source": "secalert@redhat.com",
"tags": [
"Mailing List"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2013-January/095380.html"
},
{
"source": "secalert@redhat.com",
"tags": [
"Mailing List"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2013-January/095398.html"
},
{
"source": "secalert@redhat.com",
"tags": [
"Mailing List"
],
"url": "http://lists.opensuse.org/opensuse-updates/2013-02/msg00041.html"
},
{
"source": "secalert@redhat.com",
"tags": [
"Mailing List"
],
"url": "http://lists.opensuse.org/opensuse-updates/2013-02/msg00043.html"
},
{
"source": "secalert@redhat.com",
"tags": [
"Exploit",
"Mailing List"
],
"url": "http://www.openwall.com/lists/oss-security/2012/12/20/3"
},
{
"source": "secalert@redhat.com",
"tags": [
"Broken Link",
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/56965"
},
{
"source": "secalert@redhat.com",
"tags": [
"Third Party Advisory"
],
"url": "http://www.ubuntu.com/usn/USN-1712-1"
},
{
"source": "secalert@redhat.com",
"tags": [
"Exploit",
"Issue Tracking"
],
"url": "https://bugs.launchpad.net/inkscape/+bug/1025185"
},
{
"source": "secalert@redhat.com",
"tags": [
"Product"
],
"url": "https://launchpad.net/inkscape/+milestone/0.48.4"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
],
"url": "http://bazaar.launchpad.net/~inkscape.dev/inkscape/trunk/revision/11931"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2012-December/095024.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2013-January/095380.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2013-January/095398.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List"
],
"url": "http://lists.opensuse.org/opensuse-updates/2013-02/msg00041.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List"
],
"url": "http://lists.opensuse.org/opensuse-updates/2013-02/msg00043.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Mailing List"
],
"url": "http://www.openwall.com/lists/oss-security/2012/12/20/3"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Broken Link",
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/56965"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "http://www.ubuntu.com/usn/USN-1712-1"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Issue Tracking"
],
"url": "https://bugs.launchpad.net/inkscape/+bug/1025185"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Product"
],
"url": "https://launchpad.net/inkscape/+milestone/0.48.4"
}
],
"sourceIdentifier": "secalert@redhat.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-611"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2007-03-21 19:19
Modified
2024-11-21 00:28
Severity ?
Summary
Format string vulnerability in the whiteboard Jabber protocol in Inkscape before 0.45.1 allows user-assisted remote attackers to execute arbitrary code via unspecified vectors.
References
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:inkscape:inkscape:*:*:*:*:*:*:*:*",
"matchCriteriaId": "2599E96D-E6BB-4E92-A596-5A472C0A6D30",
"versionEndIncluding": "0.45",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Format string vulnerability in the whiteboard Jabber protocol in Inkscape before 0.45.1 allows user-assisted remote attackers to execute arbitrary code via unspecified vectors."
},
{
"lang": "es",
"value": "Vulnerabilidad de formato de cadena en el protocolo whiteboard Jabber del Inkscape anterior al 0.45.1 permite a atacantes con la intervenci\u00f3n del usuario ejecutar c\u00f3digo de su elecci\u00f3n mediante vectores sin especificar."
}
],
"id": "CVE-2007-1464",
"lastModified": "2024-11-21T00:28:22.507",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": true,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
]
},
"published": "2007-03-21T19:19:00.000",
"references": [
{
"source": "security@ubuntu.com",
"url": "http://secunia.com/advisories/24615"
},
{
"source": "security@ubuntu.com",
"url": "http://secunia.com/advisories/24661"
},
{
"source": "security@ubuntu.com",
"url": "http://secunia.com/advisories/24859"
},
{
"source": "security@ubuntu.com",
"url": "http://secunia.com/advisories/25072"
},
{
"source": "security@ubuntu.com",
"url": "http://sourceforge.net/project/shownotes.php?group_id=93438\u0026release_id=495106"
},
{
"source": "security@ubuntu.com",
"url": "http://www.gentoo.org/security/en/glsa/glsa-200704-10.xml"
},
{
"source": "security@ubuntu.com",
"url": "http://www.novell.com/linux/security/advisories/2007_8_sr.html"
},
{
"source": "security@ubuntu.com",
"url": "http://www.securityfocus.com/archive/1/463710/100/0/threaded"
},
{
"source": "security@ubuntu.com",
"url": "http://www.securityfocus.com/bid/23138"
},
{
"source": "security@ubuntu.com",
"url": "http://www.vupen.com/english/advisories/2007/1059"
},
{
"source": "security@ubuntu.com",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/33164"
},
{
"source": "security@ubuntu.com",
"url": "https://issues.rpath.com/browse/RPL-1170"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://secunia.com/advisories/24615"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://secunia.com/advisories/24661"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://secunia.com/advisories/24859"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://secunia.com/advisories/25072"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://sourceforge.net/project/shownotes.php?group_id=93438\u0026release_id=495106"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.gentoo.org/security/en/glsa/glsa-200704-10.xml"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.novell.com/linux/security/advisories/2007_8_sr.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/archive/1/463710/100/0/threaded"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/bid/23138"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.vupen.com/english/advisories/2007/1059"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/33164"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://issues.rpath.com/browse/RPL-1170"
}
],
"sourceIdentifier": "security@ubuntu.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-Other"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2022-05-18 17:15
Modified
2024-11-21 06:28
Severity ?
3.3 (Low) - CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N
3.3 (Low) - CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N
3.3 (Low) - CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N
Summary
Inkscape 0.91 is vulnerable to an out-of-bounds read, which may allow an attacker to have access to unauthorized information.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| ics-cert@hq.dhs.gov | https://www.cisa.gov/uscert/ics/advisories/icsa-22-132-03 | Third Party Advisory, US Government Resource | |
| ics-cert@hq.dhs.gov | https://www.integraxor.com/scada-animation-graphic-editor-extension-inkscape/ | Exploit, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://www.cisa.gov/uscert/ics/advisories/icsa-22-132-03 | Third Party Advisory, US Government Resource | |
| af854a3a-2127-422b-91ae-364da2661108 | https://www.integraxor.com/scada-animation-graphic-editor-extension-inkscape/ | Exploit, Third Party Advisory |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:inkscape:inkscape:0.91:*:*:*:*:*:*:*",
"matchCriteriaId": "DF5D548A-F1D4-4BAA-96BA-DA562A78C5C6",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Inkscape 0.91 is vulnerable to an out-of-bounds read, which may allow an attacker to have access to unauthorized information."
},
{
"lang": "es",
"value": "Inkscape 0.91 es vulnerable a una lectura fuera de l\u00edmites, que puede permitir a un atacante tener acceso a informaci\u00f3n no autorizada"
}
],
"id": "CVE-2021-42700",
"lastModified": "2024-11-21T06:28:00.010",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "LOW",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "NONE",
"baseScore": 3.5,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:M/Au:S/C:P/I:N/A:N",
"version": "2.0"
},
"exploitabilityScore": 6.8,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 3.3,
"baseSeverity": "LOW",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N",
"version": "3.1"
},
"exploitabilityScore": 1.8,
"impactScore": 1.4,
"source": "ics-cert@hq.dhs.gov",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 3.3,
"baseSeverity": "LOW",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N",
"version": "3.1"
},
"exploitabilityScore": 1.8,
"impactScore": 1.4,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2022-05-18T17:15:08.080",
"references": [
{
"source": "ics-cert@hq.dhs.gov",
"tags": [
"Third Party Advisory",
"US Government Resource"
],
"url": "https://www.cisa.gov/uscert/ics/advisories/icsa-22-132-03"
},
{
"source": "ics-cert@hq.dhs.gov",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://www.integraxor.com/scada-animation-graphic-editor-extension-inkscape/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"US Government Resource"
],
"url": "https://www.cisa.gov/uscert/ics/advisories/icsa-22-132-03"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://www.integraxor.com/scada-animation-graphic-editor-extension-inkscape/"
}
],
"sourceIdentifier": "ics-cert@hq.dhs.gov",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-125"
}
],
"source": "ics-cert@hq.dhs.gov",
"type": "Primary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-125"
}
],
"source": "nvd@nist.gov",
"type": "Secondary"
}
]
}
Vulnerability from fkie_nvd
Published
2005-11-29 19:03
Modified
2024-11-21 00:02
Severity ?
Summary
The ps2epsi extension shell script (ps2epsi.sh) in Inkscape before 0.41 allows local users to overwrite arbitrary files via a symlink attack on the tmpepsifile.epsi temporary file.
References
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:inkscape:inkscape:0.41:*:*:*:*:*:*:*",
"matchCriteriaId": "A061EEF7-FBD3-4BBD-BCAA-9F765567C606",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The ps2epsi extension shell script (ps2epsi.sh) in Inkscape before 0.41 allows local users to overwrite arbitrary files via a symlink attack on the tmpepsifile.epsi temporary file."
}
],
"id": "CVE-2005-3885",
"lastModified": "2024-11-21T00:02:57.127",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "LOW",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 2.1,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:L/AC:L/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 3.9,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2005-11-29T19:03:00.000",
"references": [
{
"source": "security@debian.org",
"url": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=321501"
},
{
"source": "security@debian.org",
"url": "http://secunia.com/advisories/16343"
},
{
"source": "security@debian.org",
"url": "http://secunia.com/advisories/17882"
},
{
"source": "security@debian.org",
"url": "http://secunia.com/advisories/17886"
},
{
"source": "security@debian.org",
"url": "http://www.debian.org/security/2005/dsa-916"
},
{
"source": "security@debian.org",
"tags": [
"Patch"
],
"url": "http://www.securityfocus.com/bid/14522"
},
{
"source": "security@debian.org",
"url": "https://usn.ubuntu.com/223-1/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=321501"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://secunia.com/advisories/16343"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://secunia.com/advisories/17882"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://secunia.com/advisories/17886"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.debian.org/security/2005/dsa-916"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
],
"url": "http://www.securityfocus.com/bid/14522"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://usn.ubuntu.com/223-1/"
}
],
"sourceIdentifier": "security@debian.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-Other"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2005-11-22 00:03
Modified
2024-11-21 00:02
Severity ?
Summary
Buffer overflow in the SVG importer (style.cpp) of inkscape 0.41 through 0.42.2 might allow remote attackers to execute arbitrary code via a SVG file with long CSS style property values.
References
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:inkscape:inkscape:0.41:*:*:*:*:*:*:*",
"matchCriteriaId": "A061EEF7-FBD3-4BBD-BCAA-9F765567C606",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:inkscape:inkscape:0.42:*:*:*:*:*:*:*",
"matchCriteriaId": "57038D30-192C-4899-A705-E951E162B871",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:inkscape:inkscape:0.42.1:*:*:*:*:*:*:*",
"matchCriteriaId": "45441330-3BDD-4F8F-B128-0C431AB9A9C2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:inkscape:inkscape:0.42.2:*:*:*:*:*:*:*",
"matchCriteriaId": "4783CB07-5F32-4FF6-85D4-2F3FE21DD75B",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Buffer overflow in the SVG importer (style.cpp) of inkscape 0.41 through 0.42.2 might allow remote attackers to execute arbitrary code via a SVG file with long CSS style property values."
},
{
"lang": "es",
"value": "Desbordamiento de b\u00fafer en el importador SVG (style.cpp) de inkscape 0.41 a 0.42.2 podr\u00eda permitir a atacantes remotos ejecutar c\u00f3digo de su elecci\u00f3n importando un fichero SVG malicioso con valores de hoja de estilos CSS largos."
}
],
"id": "CVE-2005-3737",
"lastModified": "2024-11-21T00:02:33.530",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "HIGH",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 5.1,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:H/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 4.9,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": true,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
]
},
"published": "2005-11-22T00:03:00.000",
"references": [
{
"source": "cve@mitre.org",
"url": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=330894"
},
{
"source": "cve@mitre.org",
"url": "http://cvs.sourceforge.net/viewcvs.py/inkscape/inkscape/src/style.cpp?r1=1.110\u0026r2=1.110.2.1"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/17651"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/17662"
},
{
"source": "cve@mitre.org",
"url": "http://secunia.com/advisories/17778"
},
{
"source": "cve@mitre.org",
"url": "http://secunia.com/advisories/17882"
},
{
"source": "cve@mitre.org",
"url": "http://securityreason.com/securityalert/58"
},
{
"source": "cve@mitre.org",
"url": "http://www.debian.org/security/2005/dsa-916"
},
{
"source": "cve@mitre.org",
"url": "http://www.gentoo.org/security/en/glsa/glsa-200511-22.xml"
},
{
"source": "cve@mitre.org",
"url": "http://www.novell.com/linux/security/advisories/2005_28_sr.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Patch"
],
"url": "http://www.securityfocus.com/bid/15507"
},
{
"source": "cve@mitre.org",
"url": "http://www.ubuntulinux.org/usn/usn-217-1"
},
{
"source": "cve@mitre.org",
"url": "http://www.vupen.com/english/advisories/2005/2511"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=330894"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://cvs.sourceforge.net/viewcvs.py/inkscape/inkscape/src/style.cpp?r1=1.110\u0026r2=1.110.2.1"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/17651"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/17662"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://secunia.com/advisories/17778"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://secunia.com/advisories/17882"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://securityreason.com/securityalert/58"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.debian.org/security/2005/dsa-916"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.gentoo.org/security/en/glsa/glsa-200511-22.xml"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.novell.com/linux/security/advisories/2005_28_sr.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Patch"
],
"url": "http://www.securityfocus.com/bid/15507"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.ubuntulinux.org/usn/usn-217-1"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.vupen.com/english/advisories/2005/2511"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-Other"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2007-03-21 19:19
Modified
2024-11-21 00:28
Severity ?
Summary
Format string vulnerability in Inkscape before 0.45.1 allows user-assisted remote attackers to execute arbitrary code via format string specifiers in a URI, which is not properly handled by certain dialogs.
References
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:ubuntu:ubuntu_linux:5.10:*:*:*:*:*:*:*",
"matchCriteriaId": "ADE3B4BE-7B43-47C7-823A-C019DF12498F",
"vulnerable": false
},
{
"criteria": "cpe:2.3:o:ubuntu:ubuntu_linux:6.06:*:*:*:*:*:*:*",
"matchCriteriaId": "AD9460AD-229A-4DC2-BFBA-818640A464AD",
"vulnerable": false
},
{
"criteria": "cpe:2.3:o:ubuntu:ubuntu_linux:6.06_lts:*:*:*:*:*:*:*",
"matchCriteriaId": "B8517E55-4357-4AFD-B571-5533123CB014",
"vulnerable": false
},
{
"criteria": "cpe:2.3:o:ubuntu:ubuntu_linux:6.10:*:i386:*:*:*:*:*",
"matchCriteriaId": "80FF1759-5F86-4046-ABA3-EB7B0038F656",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:inkscape:inkscape:0.40:*:*:*:*:*:*:*",
"matchCriteriaId": "6D218B9A-193B-4956-B710-8998FC60A6F3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:inkscape:inkscape:0.41:*:*:*:*:*:*:*",
"matchCriteriaId": "A061EEF7-FBD3-4BBD-BCAA-9F765567C606",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:inkscape:inkscape:0.42:*:*:*:*:*:*:*",
"matchCriteriaId": "57038D30-192C-4899-A705-E951E162B871",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:inkscape:inkscape:0.42.1:*:*:*:*:*:*:*",
"matchCriteriaId": "45441330-3BDD-4F8F-B128-0C431AB9A9C2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:inkscape:inkscape:0.42.2:*:*:*:*:*:*:*",
"matchCriteriaId": "4783CB07-5F32-4FF6-85D4-2F3FE21DD75B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:inkscape:inkscape:0.43:*:*:*:*:*:*:*",
"matchCriteriaId": "6EAE5DD1-E2DB-4905-83B2-348257A4E49C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:inkscape:inkscape:0.44:*:*:*:*:*:*:*",
"matchCriteriaId": "F6EBAFFC-12A6-42D2-9840-289BFD720F8A",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Format string vulnerability in Inkscape before 0.45.1 allows user-assisted remote attackers to execute arbitrary code via format string specifiers in a URI, which is not properly handled by certain dialogs."
},
{
"lang": "es",
"value": "Vulnerabilidad en el formato de cadena en el Inkscape anterior al 0.45.1 permite a atacantes con la intervenci\u00f3n del usuario ejecutar c\u00f3digo de su elecci\u00f3n mediante especificadores del formato de cadena en una URI,lo que no es manejado correctamente mediante ciertos di\u00e1logos."
}
],
"id": "CVE-2007-1463",
"lastModified": "2024-11-21T00:28:22.377",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": true,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
]
},
"published": "2007-03-21T19:19:00.000",
"references": [
{
"source": "security@ubuntu.com",
"url": "http://secunia.com/advisories/24584"
},
{
"source": "security@ubuntu.com",
"url": "http://secunia.com/advisories/24597"
},
{
"source": "security@ubuntu.com",
"url": "http://secunia.com/advisories/24615"
},
{
"source": "security@ubuntu.com",
"url": "http://secunia.com/advisories/24661"
},
{
"source": "security@ubuntu.com",
"url": "http://secunia.com/advisories/24859"
},
{
"source": "security@ubuntu.com",
"url": "http://secunia.com/advisories/25072"
},
{
"source": "security@ubuntu.com",
"tags": [
"Patch"
],
"url": "http://sourceforge.net/project/shownotes.php?group_id=93438\u0026release_id=495106"
},
{
"source": "security@ubuntu.com",
"url": "http://www.gentoo.org/security/en/glsa/glsa-200704-10.xml"
},
{
"source": "security@ubuntu.com",
"url": "http://www.mandriva.com/security/advisories?name=MDKSA-2007:069"
},
{
"source": "security@ubuntu.com",
"url": "http://www.novell.com/linux/security/advisories/2007_8_sr.html"
},
{
"source": "security@ubuntu.com",
"url": "http://www.securityfocus.com/archive/1/463710/100/0/threaded"
},
{
"source": "security@ubuntu.com",
"url": "http://www.securityfocus.com/bid/23070"
},
{
"source": "security@ubuntu.com",
"url": "http://www.securityfocus.com/bid/23138"
},
{
"source": "security@ubuntu.com",
"tags": [
"Vendor Advisory"
],
"url": "http://www.ubuntu.com/usn/usn-438-1"
},
{
"source": "security@ubuntu.com",
"url": "http://www.vupen.com/english/advisories/2007/1059"
},
{
"source": "security@ubuntu.com",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/33163"
},
{
"source": "security@ubuntu.com",
"url": "https://issues.rpath.com/browse/RPL-1170"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://secunia.com/advisories/24584"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://secunia.com/advisories/24597"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://secunia.com/advisories/24615"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://secunia.com/advisories/24661"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://secunia.com/advisories/24859"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://secunia.com/advisories/25072"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
],
"url": "http://sourceforge.net/project/shownotes.php?group_id=93438\u0026release_id=495106"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.gentoo.org/security/en/glsa/glsa-200704-10.xml"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.mandriva.com/security/advisories?name=MDKSA-2007:069"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.novell.com/linux/security/advisories/2007_8_sr.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/archive/1/463710/100/0/threaded"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/bid/23070"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/bid/23138"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://www.ubuntu.com/usn/usn-438-1"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.vupen.com/english/advisories/2007/1059"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/33163"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://issues.rpath.com/browse/RPL-1170"
}
],
"sourceIdentifier": "security@ubuntu.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-Other"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2022-05-18 17:15
Modified
2024-11-21 06:28
Severity ?
7.8 (High) - CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
7.8 (High) - CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
7.8 (High) - CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Summary
Inkscape version 0.91 is vulnerable to an out-of-bounds write, which may allow an attacker to arbitrary execute code.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| ics-cert@hq.dhs.gov | https://www.cisa.gov/uscert/ics/advisories/icsa-22-132-03 | Third Party Advisory, US Government Resource | |
| ics-cert@hq.dhs.gov | https://www.integraxor.com/scada-animation-graphic-editor-extension-inkscape/ | Exploit, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://www.cisa.gov/uscert/ics/advisories/icsa-22-132-03 | Third Party Advisory, US Government Resource | |
| af854a3a-2127-422b-91ae-364da2661108 | https://www.integraxor.com/scada-animation-graphic-editor-extension-inkscape/ | Exploit, Third Party Advisory |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:inkscape:inkscape:0.91:*:*:*:*:*:*:*",
"matchCriteriaId": "DF5D548A-F1D4-4BAA-96BA-DA562A78C5C6",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Inkscape version 0.91 is vulnerable to an out-of-bounds write, which may allow an attacker to arbitrary execute code."
},
{
"lang": "es",
"value": "La versi\u00f3n 0.91 de Inkscape es vulnerable a una escritura fuera de l\u00edmites, lo que puede permitir a un atacante ejecutar c\u00f3digo de forma arbitraria"
}
],
"id": "CVE-2021-42704",
"lastModified": "2024-11-21T06:28:00.490",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 1.8,
"impactScore": 5.9,
"source": "ics-cert@hq.dhs.gov",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 1.8,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2022-05-18T17:15:08.207",
"references": [
{
"source": "ics-cert@hq.dhs.gov",
"tags": [
"Third Party Advisory",
"US Government Resource"
],
"url": "https://www.cisa.gov/uscert/ics/advisories/icsa-22-132-03"
},
{
"source": "ics-cert@hq.dhs.gov",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://www.integraxor.com/scada-animation-graphic-editor-extension-inkscape/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"US Government Resource"
],
"url": "https://www.cisa.gov/uscert/ics/advisories/icsa-22-132-03"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://www.integraxor.com/scada-animation-graphic-editor-extension-inkscape/"
}
],
"sourceIdentifier": "ics-cert@hq.dhs.gov",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-787"
}
],
"source": "ics-cert@hq.dhs.gov",
"type": "Primary"
}
]
}
cve-2007-1464
Vulnerability from cvelistv5
Published
2007-03-21 19:00
Modified
2024-08-07 12:59
Severity ?
EPSS score ?
Summary
Format string vulnerability in the whiteboard Jabber protocol in Inkscape before 0.45.1 allows user-assisted remote attackers to execute arbitrary code via unspecified vectors.
References
| ▼ | URL | Tags |
|---|---|---|
| https://exchange.xforce.ibmcloud.com/vulnerabilities/33164 | vdb-entry, x_refsource_XF | |
| http://secunia.com/advisories/24859 | third-party-advisory, x_refsource_SECUNIA | |
| http://secunia.com/advisories/24615 | third-party-advisory, x_refsource_SECUNIA | |
| http://www.securityfocus.com/bid/23138 | vdb-entry, x_refsource_BID | |
| http://www.gentoo.org/security/en/glsa/glsa-200704-10.xml | vendor-advisory, x_refsource_GENTOO | |
| http://secunia.com/advisories/24661 | third-party-advisory, x_refsource_SECUNIA | |
| https://issues.rpath.com/browse/RPL-1170 | x_refsource_CONFIRM | |
| http://www.vupen.com/english/advisories/2007/1059 | vdb-entry, x_refsource_VUPEN | |
| http://www.novell.com/linux/security/advisories/2007_8_sr.html | vendor-advisory, x_refsource_SUSE | |
| http://www.securityfocus.com/archive/1/463710/100/0/threaded | mailing-list, x_refsource_BUGTRAQ | |
| http://secunia.com/advisories/25072 | third-party-advisory, x_refsource_SECUNIA | |
| http://sourceforge.net/project/shownotes.php?group_id=93438&release_id=495106 | x_refsource_CONFIRM |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T12:59:08.354Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "inkscape-jabber-format-string(33164)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/33164"
},
{
"name": "24859",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/24859"
},
{
"name": "24615",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/24615"
},
{
"name": "23138",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/23138"
},
{
"name": "GLSA-200704-10",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO",
"x_transferred"
],
"url": "http://www.gentoo.org/security/en/glsa/glsa-200704-10.xml"
},
{
"name": "24661",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/24661"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://issues.rpath.com/browse/RPL-1170"
},
{
"name": "ADV-2007-1059",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2007/1059"
},
{
"name": "SUSE-SR:2007:008",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://www.novell.com/linux/security/advisories/2007_8_sr.html"
},
{
"name": "20070324 FLEA-2007-0002-1: inkscape",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/463710/100/0/threaded"
},
{
"name": "25072",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/25072"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://sourceforge.net/project/shownotes.php?group_id=93438\u0026release_id=495106"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2007-03-20T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Format string vulnerability in the whiteboard Jabber protocol in Inkscape before 0.45.1 allows user-assisted remote attackers to execute arbitrary code via unspecified vectors."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-16T14:57:01",
"orgId": "cc1ad9ee-3454-478d-9317-d3e869d708bc",
"shortName": "canonical"
},
"references": [
{
"name": "inkscape-jabber-format-string(33164)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/33164"
},
{
"name": "24859",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/24859"
},
{
"name": "24615",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/24615"
},
{
"name": "23138",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/23138"
},
{
"name": "GLSA-200704-10",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO"
],
"url": "http://www.gentoo.org/security/en/glsa/glsa-200704-10.xml"
},
{
"name": "24661",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/24661"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://issues.rpath.com/browse/RPL-1170"
},
{
"name": "ADV-2007-1059",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2007/1059"
},
{
"name": "SUSE-SR:2007:008",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://www.novell.com/linux/security/advisories/2007_8_sr.html"
},
{
"name": "20070324 FLEA-2007-0002-1: inkscape",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/463710/100/0/threaded"
},
{
"name": "25072",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/25072"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://sourceforge.net/project/shownotes.php?group_id=93438\u0026release_id=495106"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@ubuntu.com",
"ID": "CVE-2007-1464",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Format string vulnerability in the whiteboard Jabber protocol in Inkscape before 0.45.1 allows user-assisted remote attackers to execute arbitrary code via unspecified vectors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "inkscape-jabber-format-string(33164)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/33164"
},
{
"name": "24859",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/24859"
},
{
"name": "24615",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/24615"
},
{
"name": "23138",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/23138"
},
{
"name": "GLSA-200704-10",
"refsource": "GENTOO",
"url": "http://www.gentoo.org/security/en/glsa/glsa-200704-10.xml"
},
{
"name": "24661",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/24661"
},
{
"name": "https://issues.rpath.com/browse/RPL-1170",
"refsource": "CONFIRM",
"url": "https://issues.rpath.com/browse/RPL-1170"
},
{
"name": "ADV-2007-1059",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2007/1059"
},
{
"name": "SUSE-SR:2007:008",
"refsource": "SUSE",
"url": "http://www.novell.com/linux/security/advisories/2007_8_sr.html"
},
{
"name": "20070324 FLEA-2007-0002-1: inkscape",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/463710/100/0/threaded"
},
{
"name": "25072",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/25072"
},
{
"name": "http://sourceforge.net/project/shownotes.php?group_id=93438\u0026release_id=495106",
"refsource": "CONFIRM",
"url": "http://sourceforge.net/project/shownotes.php?group_id=93438\u0026release_id=495106"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "cc1ad9ee-3454-478d-9317-d3e869d708bc",
"assignerShortName": "canonical",
"cveId": "CVE-2007-1464",
"datePublished": "2007-03-21T19:00:00",
"dateReserved": "2007-03-15T00:00:00",
"dateUpdated": "2024-08-07T12:59:08.354Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2021-42700
Vulnerability from cvelistv5
Published
2022-05-18 16:21
Modified
2024-09-16 20:42
Severity ?
EPSS score ?
Summary
Inkscape 0.91 is vulnerable to an out-of-bounds read, which may allow an attacker to have access to unauthorized information.
References
| ▼ | URL | Tags |
|---|---|---|
| https://www.cisa.gov/uscert/ics/advisories/icsa-22-132-03 | x_refsource_CONFIRM | |
| https://www.integraxor.com/scada-animation-graphic-editor-extension-inkscape/ | x_refsource_CONFIRM |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T03:38:50.033Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://www.cisa.gov/uscert/ics/advisories/icsa-22-132-03"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://www.integraxor.com/scada-animation-graphic-editor-extension-inkscape/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Inkscape",
"vendor": "Inkscape",
"versions": [
{
"status": "affected",
"version": "0.91"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "Tran Van Khang \u2013 khangkito (VinCSS), working with Trend Micro\u2019s Zero Day Initiative, reported these vulnerabilities to CISA."
}
],
"datePublic": "2022-05-12T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Inkscape 0.91 is vulnerable to an out-of-bounds read, which may allow an attacker to have access to unauthorized information."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 3.3,
"baseSeverity": "LOW",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-125",
"description": "CWE-125 Out-of-bounds Read",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-06-01T13:58:04",
"orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"shortName": "icscert"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://www.cisa.gov/uscert/ics/advisories/icsa-22-132-03"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://www.integraxor.com/scada-animation-graphic-editor-extension-inkscape/"
}
],
"solutions": [
{
"lang": "en",
"value": "Inkscape has fixed these vulnerabilities and recommends users update to Version Inkscape 1.0 or later."
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Inkscape Out-of-bounds Read",
"x_generator": {
"engine": "Vulnogram 0.0.9"
},
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "ics-cert@hq.dhs.gov",
"DATE_PUBLIC": "2022-05-12T21:42:00.000Z",
"ID": "CVE-2021-42700",
"STATE": "PUBLIC",
"TITLE": "Inkscape Out-of-bounds Read"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Inkscape",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "0.91"
}
]
}
}
]
},
"vendor_name": "Inkscape"
}
]
}
},
"credit": [
{
"lang": "eng",
"value": "Tran Van Khang \u2013 khangkito (VinCSS), working with Trend Micro\u2019s Zero Day Initiative, reported these vulnerabilities to CISA."
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Inkscape 0.91 is vulnerable to an out-of-bounds read, which may allow an attacker to have access to unauthorized information."
}
]
},
"generator": {
"engine": "Vulnogram 0.0.9"
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 3.3,
"baseSeverity": "LOW",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-125 Out-of-bounds Read"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.cisa.gov/uscert/ics/advisories/icsa-22-132-03",
"refsource": "CONFIRM",
"url": "https://www.cisa.gov/uscert/ics/advisories/icsa-22-132-03"
},
{
"name": "https://www.integraxor.com/scada-animation-graphic-editor-extension-inkscape/",
"refsource": "CONFIRM",
"url": "https://www.integraxor.com/scada-animation-graphic-editor-extension-inkscape/"
}
]
},
"solution": [
{
"lang": "en",
"value": "Inkscape has fixed these vulnerabilities and recommends users update to Version Inkscape 1.0 or later."
}
],
"source": {
"discovery": "UNKNOWN"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"assignerShortName": "icscert",
"cveId": "CVE-2021-42700",
"datePublished": "2022-05-18T16:21:40.584490Z",
"dateReserved": "2021-10-18T00:00:00",
"dateUpdated": "2024-09-16T20:42:58.216Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2012-5656
Vulnerability from cvelistv5
Published
2013-01-18 11:00
Modified
2024-08-06 21:14
Severity ?
EPSS score ?
Summary
The rasterization process in Inkscape before 0.48.4 allows local users to read arbitrary files via an external entity in a SVG file, aka an XML external entity (XXE) injection attack.
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T21:14:16.440Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "[oss-security] 20121219 Re: CVE request: Inkscape fixes a XXE vulnerability during rasterization of SVG images",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2012/12/20/3"
},
{
"name": "FEDORA-2012-20620",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2013-January/095380.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://bazaar.launchpad.net/~inkscape.dev/inkscape/trunk/revision/11931"
},
{
"name": "USN-1712-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "http://www.ubuntu.com/usn/USN-1712-1"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://launchpad.net/inkscape/+milestone/0.48.4"
},
{
"name": "56965",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/56965"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://bugs.launchpad.net/inkscape/+bug/1025185"
},
{
"name": "FEDORA-2012-20621",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2013-January/095398.html"
},
{
"name": "openSUSE-SU-2013:0294",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-updates/2013-02/msg00041.html"
},
{
"name": "openSUSE-SU-2013:0297",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-updates/2013-02/msg00043.html"
},
{
"name": "FEDORA-2012-20643",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2012-December/095024.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2012-12-17T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "The rasterization process in Inkscape before 0.48.4 allows local users to read arbitrary files via an external entity in a SVG file, aka an XML external entity (XXE) injection attack."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2013-03-23T09:00:00",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"name": "[oss-security] 20121219 Re: CVE request: Inkscape fixes a XXE vulnerability during rasterization of SVG images",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2012/12/20/3"
},
{
"name": "FEDORA-2012-20620",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2013-January/095380.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://bazaar.launchpad.net/~inkscape.dev/inkscape/trunk/revision/11931"
},
{
"name": "USN-1712-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "http://www.ubuntu.com/usn/USN-1712-1"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://launchpad.net/inkscape/+milestone/0.48.4"
},
{
"name": "56965",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/56965"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://bugs.launchpad.net/inkscape/+bug/1025185"
},
{
"name": "FEDORA-2012-20621",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2013-January/095398.html"
},
{
"name": "openSUSE-SU-2013:0294",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-updates/2013-02/msg00041.html"
},
{
"name": "openSUSE-SU-2013:0297",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-updates/2013-02/msg00043.html"
},
{
"name": "FEDORA-2012-20643",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2012-December/095024.html"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2012-5656",
"datePublished": "2013-01-18T11:00:00",
"dateReserved": "2012-10-24T00:00:00",
"dateUpdated": "2024-08-06T21:14:16.440Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2021-42702
Vulnerability from cvelistv5
Published
2022-05-18 16:24
Modified
2024-09-16 20:52
Severity ?
EPSS score ?
Summary
Inkscape version 0.91 can access an uninitialized pointer, which may allow an attacker to have access to unauthorized information.
References
| ▼ | URL | Tags |
|---|---|---|
| https://www.cisa.gov/uscert/ics/advisories/icsa-22-132-03 | x_refsource_CONFIRM | |
| https://www.integraxor.com/scada-animation-graphic-editor-extension-inkscape/ | x_refsource_CONFIRM |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T03:38:50.116Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://www.cisa.gov/uscert/ics/advisories/icsa-22-132-03"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://www.integraxor.com/scada-animation-graphic-editor-extension-inkscape/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Inkscape",
"vendor": "Inkscape",
"versions": [
{
"status": "affected",
"version": "0.91"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "Tran Van Khang \u2013 khangkito (VinCSS), working with Trend Micro\u2019s Zero Day Initiative, reported these vulnerabilities to CISA."
}
],
"datePublic": "2022-05-12T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Inkscape version 0.91 can access an uninitialized pointer, which may allow an attacker to have access to unauthorized information."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 3.3,
"baseSeverity": "LOW",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-824",
"description": "CWE-824 Access of Uninitialized Pointer",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-06-01T13:58:43",
"orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"shortName": "icscert"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://www.cisa.gov/uscert/ics/advisories/icsa-22-132-03"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://www.integraxor.com/scada-animation-graphic-editor-extension-inkscape/"
}
],
"solutions": [
{
"lang": "en",
"value": "Inkscape has fixed these vulnerabilities and recommends users update to Version Inkscape 1.0 or later."
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Inkscape Access of Uninitialized Pointer",
"x_generator": {
"engine": "Vulnogram 0.0.9"
},
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "ics-cert@hq.dhs.gov",
"DATE_PUBLIC": "2022-05-12T21:42:00.000Z",
"ID": "CVE-2021-42702",
"STATE": "PUBLIC",
"TITLE": "Inkscape Access of Uninitialized Pointer"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Inkscape",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "0.91"
}
]
}
}
]
},
"vendor_name": "Inkscape"
}
]
}
},
"credit": [
{
"lang": "eng",
"value": "Tran Van Khang \u2013 khangkito (VinCSS), working with Trend Micro\u2019s Zero Day Initiative, reported these vulnerabilities to CISA."
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Inkscape version 0.91 can access an uninitialized pointer, which may allow an attacker to have access to unauthorized information."
}
]
},
"generator": {
"engine": "Vulnogram 0.0.9"
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 3.3,
"baseSeverity": "LOW",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-824 Access of Uninitialized Pointer"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.cisa.gov/uscert/ics/advisories/icsa-22-132-03",
"refsource": "CONFIRM",
"url": "https://www.cisa.gov/uscert/ics/advisories/icsa-22-132-03"
},
{
"name": "https://www.integraxor.com/scada-animation-graphic-editor-extension-inkscape/",
"refsource": "CONFIRM",
"url": "https://www.integraxor.com/scada-animation-graphic-editor-extension-inkscape/"
}
]
},
"solution": [
{
"lang": "en",
"value": "Inkscape has fixed these vulnerabilities and recommends users update to Version Inkscape 1.0 or later."
}
],
"source": {
"discovery": "UNKNOWN"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"assignerShortName": "icscert",
"cveId": "CVE-2021-42702",
"datePublished": "2022-05-18T16:24:13.808900Z",
"dateReserved": "2021-10-18T00:00:00",
"dateUpdated": "2024-09-16T20:52:23.451Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2007-1463
Vulnerability from cvelistv5
Published
2007-03-21 19:00
Modified
2024-08-07 12:59
Severity ?
EPSS score ?
Summary
Format string vulnerability in Inkscape before 0.45.1 allows user-assisted remote attackers to execute arbitrary code via format string specifiers in a URI, which is not properly handled by certain dialogs.
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T12:59:08.098Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "inkscape-dialogs-format-string(33163)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/33163"
},
{
"name": "24859",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/24859"
},
{
"name": "24615",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/24615"
},
{
"name": "24597",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/24597"
},
{
"name": "24584",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/24584"
},
{
"name": "23138",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/23138"
},
{
"name": "GLSA-200704-10",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO",
"x_transferred"
],
"url": "http://www.gentoo.org/security/en/glsa/glsa-200704-10.xml"
},
{
"name": "24661",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/24661"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://issues.rpath.com/browse/RPL-1170"
},
{
"name": "ADV-2007-1059",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2007/1059"
},
{
"name": "SUSE-SR:2007:008",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://www.novell.com/linux/security/advisories/2007_8_sr.html"
},
{
"name": "USN-438-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "http://www.ubuntu.com/usn/usn-438-1"
},
{
"name": "MDKSA-2007:069",
"tags": [
"vendor-advisory",
"x_refsource_MANDRIVA",
"x_transferred"
],
"url": "http://www.mandriva.com/security/advisories?name=MDKSA-2007:069"
},
{
"name": "20070324 FLEA-2007-0002-1: inkscape",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/463710/100/0/threaded"
},
{
"name": "25072",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/25072"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://sourceforge.net/project/shownotes.php?group_id=93438\u0026release_id=495106"
},
{
"name": "23070",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/23070"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2007-03-20T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Format string vulnerability in Inkscape before 0.45.1 allows user-assisted remote attackers to execute arbitrary code via format string specifiers in a URI, which is not properly handled by certain dialogs."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-16T14:57:01",
"orgId": "cc1ad9ee-3454-478d-9317-d3e869d708bc",
"shortName": "canonical"
},
"references": [
{
"name": "inkscape-dialogs-format-string(33163)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/33163"
},
{
"name": "24859",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/24859"
},
{
"name": "24615",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/24615"
},
{
"name": "24597",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/24597"
},
{
"name": "24584",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/24584"
},
{
"name": "23138",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/23138"
},
{
"name": "GLSA-200704-10",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO"
],
"url": "http://www.gentoo.org/security/en/glsa/glsa-200704-10.xml"
},
{
"name": "24661",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/24661"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://issues.rpath.com/browse/RPL-1170"
},
{
"name": "ADV-2007-1059",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2007/1059"
},
{
"name": "SUSE-SR:2007:008",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://www.novell.com/linux/security/advisories/2007_8_sr.html"
},
{
"name": "USN-438-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "http://www.ubuntu.com/usn/usn-438-1"
},
{
"name": "MDKSA-2007:069",
"tags": [
"vendor-advisory",
"x_refsource_MANDRIVA"
],
"url": "http://www.mandriva.com/security/advisories?name=MDKSA-2007:069"
},
{
"name": "20070324 FLEA-2007-0002-1: inkscape",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/463710/100/0/threaded"
},
{
"name": "25072",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/25072"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://sourceforge.net/project/shownotes.php?group_id=93438\u0026release_id=495106"
},
{
"name": "23070",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/23070"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@ubuntu.com",
"ID": "CVE-2007-1463",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Format string vulnerability in Inkscape before 0.45.1 allows user-assisted remote attackers to execute arbitrary code via format string specifiers in a URI, which is not properly handled by certain dialogs."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "inkscape-dialogs-format-string(33163)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/33163"
},
{
"name": "24859",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/24859"
},
{
"name": "24615",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/24615"
},
{
"name": "24597",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/24597"
},
{
"name": "24584",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/24584"
},
{
"name": "23138",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/23138"
},
{
"name": "GLSA-200704-10",
"refsource": "GENTOO",
"url": "http://www.gentoo.org/security/en/glsa/glsa-200704-10.xml"
},
{
"name": "24661",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/24661"
},
{
"name": "https://issues.rpath.com/browse/RPL-1170",
"refsource": "CONFIRM",
"url": "https://issues.rpath.com/browse/RPL-1170"
},
{
"name": "ADV-2007-1059",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2007/1059"
},
{
"name": "SUSE-SR:2007:008",
"refsource": "SUSE",
"url": "http://www.novell.com/linux/security/advisories/2007_8_sr.html"
},
{
"name": "USN-438-1",
"refsource": "UBUNTU",
"url": "http://www.ubuntu.com/usn/usn-438-1"
},
{
"name": "MDKSA-2007:069",
"refsource": "MANDRIVA",
"url": "http://www.mandriva.com/security/advisories?name=MDKSA-2007:069"
},
{
"name": "20070324 FLEA-2007-0002-1: inkscape",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/463710/100/0/threaded"
},
{
"name": "25072",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/25072"
},
{
"name": "http://sourceforge.net/project/shownotes.php?group_id=93438\u0026release_id=495106",
"refsource": "CONFIRM",
"url": "http://sourceforge.net/project/shownotes.php?group_id=93438\u0026release_id=495106"
},
{
"name": "23070",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/23070"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "cc1ad9ee-3454-478d-9317-d3e869d708bc",
"assignerShortName": "canonical",
"cveId": "CVE-2007-1463",
"datePublished": "2007-03-21T19:00:00",
"dateReserved": "2007-03-15T00:00:00",
"dateUpdated": "2024-08-07T12:59:08.098Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2005-3737
Vulnerability from cvelistv5
Published
2005-11-22 00:00
Modified
2024-08-07 23:24
Severity ?
EPSS score ?
Summary
Buffer overflow in the SVG importer (style.cpp) of inkscape 0.41 through 0.42.2 might allow remote attackers to execute arbitrary code via a SVG file with long CSS style property values.
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T23:24:36.448Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "GLSA-200511-22",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO",
"x_transferred"
],
"url": "http://www.gentoo.org/security/en/glsa/glsa-200511-22.xml"
},
{
"name": "SUSE-SR:2005:028",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://www.novell.com/linux/security/advisories/2005_28_sr.html"
},
{
"name": "17778",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/17778"
},
{
"name": "17651",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/17651"
},
{
"name": "USN-217-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "http://www.ubuntulinux.org/usn/usn-217-1"
},
{
"name": "15507",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/15507"
},
{
"name": "17882",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/17882"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://cvs.sourceforge.net/viewcvs.py/inkscape/inkscape/src/style.cpp?r1=1.110\u0026r2=1.110.2.1"
},
{
"name": "ADV-2005-2511",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2005/2511"
},
{
"name": "DSA-916",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "http://www.debian.org/security/2005/dsa-916"
},
{
"name": "58",
"tags": [
"third-party-advisory",
"x_refsource_SREASON",
"x_transferred"
],
"url": "http://securityreason.com/securityalert/58"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=330894"
},
{
"name": "17662",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/17662"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2005-11-19T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Buffer overflow in the SVG importer (style.cpp) of inkscape 0.41 through 0.42.2 might allow remote attackers to execute arbitrary code via a SVG file with long CSS style property values."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2005-11-30T10:00:00",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "GLSA-200511-22",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO"
],
"url": "http://www.gentoo.org/security/en/glsa/glsa-200511-22.xml"
},
{
"name": "SUSE-SR:2005:028",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://www.novell.com/linux/security/advisories/2005_28_sr.html"
},
{
"name": "17778",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/17778"
},
{
"name": "17651",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/17651"
},
{
"name": "USN-217-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "http://www.ubuntulinux.org/usn/usn-217-1"
},
{
"name": "15507",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/15507"
},
{
"name": "17882",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/17882"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://cvs.sourceforge.net/viewcvs.py/inkscape/inkscape/src/style.cpp?r1=1.110\u0026r2=1.110.2.1"
},
{
"name": "ADV-2005-2511",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2005/2511"
},
{
"name": "DSA-916",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "http://www.debian.org/security/2005/dsa-916"
},
{
"name": "58",
"tags": [
"third-party-advisory",
"x_refsource_SREASON"
],
"url": "http://securityreason.com/securityalert/58"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=330894"
},
{
"name": "17662",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/17662"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2005-3737",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Buffer overflow in the SVG importer (style.cpp) of inkscape 0.41 through 0.42.2 might allow remote attackers to execute arbitrary code via a SVG file with long CSS style property values."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "GLSA-200511-22",
"refsource": "GENTOO",
"url": "http://www.gentoo.org/security/en/glsa/glsa-200511-22.xml"
},
{
"name": "SUSE-SR:2005:028",
"refsource": "SUSE",
"url": "http://www.novell.com/linux/security/advisories/2005_28_sr.html"
},
{
"name": "17778",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/17778"
},
{
"name": "17651",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/17651"
},
{
"name": "USN-217-1",
"refsource": "UBUNTU",
"url": "http://www.ubuntulinux.org/usn/usn-217-1"
},
{
"name": "15507",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/15507"
},
{
"name": "17882",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/17882"
},
{
"name": "http://cvs.sourceforge.net/viewcvs.py/inkscape/inkscape/src/style.cpp?r1=1.110\u0026r2=1.110.2.1",
"refsource": "CONFIRM",
"url": "http://cvs.sourceforge.net/viewcvs.py/inkscape/inkscape/src/style.cpp?r1=1.110\u0026r2=1.110.2.1"
},
{
"name": "ADV-2005-2511",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2005/2511"
},
{
"name": "DSA-916",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2005/dsa-916"
},
{
"name": "58",
"refsource": "SREASON",
"url": "http://securityreason.com/securityalert/58"
},
{
"name": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=330894",
"refsource": "MISC",
"url": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=330894"
},
{
"name": "17662",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/17662"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2005-3737",
"datePublished": "2005-11-22T00:00:00",
"dateReserved": "2005-11-21T00:00:00",
"dateUpdated": "2024-08-07T23:24:36.448Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2021-42704
Vulnerability from cvelistv5
Published
2022-05-18 16:24
Modified
2024-09-17 00:40
Severity ?
EPSS score ?
Summary
Inkscape version 0.91 is vulnerable to an out-of-bounds write, which may allow an attacker to arbitrary execute code.
References
| ▼ | URL | Tags |
|---|---|---|
| https://www.cisa.gov/uscert/ics/advisories/icsa-22-132-03 | x_refsource_CONFIRM | |
| https://www.integraxor.com/scada-animation-graphic-editor-extension-inkscape/ | x_refsource_CONFIRM |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T03:38:50.053Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://www.cisa.gov/uscert/ics/advisories/icsa-22-132-03"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://www.integraxor.com/scada-animation-graphic-editor-extension-inkscape/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Inkscape",
"vendor": "Inkscape",
"versions": [
{
"status": "affected",
"version": "0.91"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "Tran Van Khang \u2013 khangkito (VinCSS), working with Trend Micro\u2019s Zero Day Initiative, reported these vulnerabilities to CISA."
}
],
"datePublic": "2022-05-12T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Inkscape version 0.91 is vulnerable to an out-of-bounds write, which may allow an attacker to arbitrary execute code."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-787",
"description": "CWE-787 Out-of-bounds Write",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-06-01T13:59:19",
"orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"shortName": "icscert"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://www.cisa.gov/uscert/ics/advisories/icsa-22-132-03"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://www.integraxor.com/scada-animation-graphic-editor-extension-inkscape/"
}
],
"solutions": [
{
"lang": "en",
"value": "Inkscape has fixed these vulnerabilities and recommends users update to Version Inkscape 1.0 or later."
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Inkscape Out-of-bounds Write",
"x_generator": {
"engine": "Vulnogram 0.0.9"
},
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "ics-cert@hq.dhs.gov",
"DATE_PUBLIC": "2022-05-12T21:42:00.000Z",
"ID": "CVE-2021-42704",
"STATE": "PUBLIC",
"TITLE": "Inkscape Out-of-bounds Write"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Inkscape",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "0.91"
}
]
}
}
]
},
"vendor_name": "Inkscape"
}
]
}
},
"credit": [
{
"lang": "eng",
"value": "Tran Van Khang \u2013 khangkito (VinCSS), working with Trend Micro\u2019s Zero Day Initiative, reported these vulnerabilities to CISA."
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Inkscape version 0.91 is vulnerable to an out-of-bounds write, which may allow an attacker to arbitrary execute code."
}
]
},
"generator": {
"engine": "Vulnogram 0.0.9"
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-787 Out-of-bounds Write"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.cisa.gov/uscert/ics/advisories/icsa-22-132-03",
"refsource": "CONFIRM",
"url": "https://www.cisa.gov/uscert/ics/advisories/icsa-22-132-03"
},
{
"name": "https://www.integraxor.com/scada-animation-graphic-editor-extension-inkscape/",
"refsource": "CONFIRM",
"url": "https://www.integraxor.com/scada-animation-graphic-editor-extension-inkscape/"
}
]
},
"solution": [
{
"lang": "en",
"value": "Inkscape has fixed these vulnerabilities and recommends users update to Version Inkscape 1.0 or later."
}
],
"source": {
"discovery": "UNKNOWN"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"assignerShortName": "icscert",
"cveId": "CVE-2021-42704",
"datePublished": "2022-05-18T16:24:51.499471Z",
"dateReserved": "2021-10-18T00:00:00",
"dateUpdated": "2024-09-17T00:40:40.921Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2012-6076
Vulnerability from cvelistv5
Published
2013-03-12 21:00
Modified
2024-08-06 21:21
Severity ?
EPSS score ?
Summary
Inkscape before 0.48.4 reads .eps files from /tmp instead of the current directory, which might cause Inkspace to process unintended files, allow local users to obtain sensitive information, and possibly have other unspecified impacts.
References
| ▼ | URL | Tags |
|---|---|---|
| http://www.openwall.com/lists/oss-security/2012/12/30/2 | mailing-list, x_refsource_MLIST | |
| http://www.ubuntu.com/usn/USN-1712-1 | vendor-advisory, x_refsource_UBUNTU | |
| https://bugs.launchpad.net/inkscape/+bug/911146 | x_refsource_CONFIRM | |
| http://lists.opensuse.org/opensuse-updates/2013-02/msg00041.html | vendor-advisory, x_refsource_SUSE | |
| http://lists.opensuse.org/opensuse-updates/2013-02/msg00043.html | vendor-advisory, x_refsource_SUSE | |
| http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=654341 | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T21:21:28.354Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "[oss-security] 20121229 Re: Inkscape reads .eps files from /tmp instead of the current directory",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2012/12/30/2"
},
{
"name": "USN-1712-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "http://www.ubuntu.com/usn/USN-1712-1"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://bugs.launchpad.net/inkscape/+bug/911146"
},
{
"name": "openSUSE-SU-2013:0294",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-updates/2013-02/msg00041.html"
},
{
"name": "openSUSE-SU-2013:0297",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-updates/2013-02/msg00043.html"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=654341"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Inkscape before 0.48.4 reads .eps files from /tmp instead of the current directory, which might cause Inkspace to process unintended files, allow local users to obtain sensitive information, and possibly have other unspecified impacts."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2013-03-12T21:00:00Z",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"name": "[oss-security] 20121229 Re: Inkscape reads .eps files from /tmp instead of the current directory",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2012/12/30/2"
},
{
"name": "USN-1712-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "http://www.ubuntu.com/usn/USN-1712-1"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://bugs.launchpad.net/inkscape/+bug/911146"
},
{
"name": "openSUSE-SU-2013:0294",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-updates/2013-02/msg00041.html"
},
{
"name": "openSUSE-SU-2013:0297",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-updates/2013-02/msg00043.html"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=654341"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2012-6076",
"datePublished": "2013-03-12T21:00:00Z",
"dateReserved": "2012-12-06T00:00:00Z",
"dateUpdated": "2024-08-06T21:21:28.354Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2005-3885
Vulnerability from cvelistv5
Published
2005-11-29 19:00
Modified
2024-08-07 23:24
Severity ?
EPSS score ?
Summary
The ps2epsi extension shell script (ps2epsi.sh) in Inkscape before 0.41 allows local users to overwrite arbitrary files via a symlink attack on the tmpepsifile.epsi temporary file.
References
| ▼ | URL | Tags |
|---|---|---|
| http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=321501 | x_refsource_CONFIRM | |
| http://secunia.com/advisories/17882 | third-party-advisory, x_refsource_SECUNIA | |
| http://secunia.com/advisories/16343 | third-party-advisory, x_refsource_SECUNIA | |
| https://usn.ubuntu.com/223-1/ | vendor-advisory, x_refsource_UBUNTU | |
| http://secunia.com/advisories/17886 | third-party-advisory, x_refsource_SECUNIA | |
| http://www.debian.org/security/2005/dsa-916 | vendor-advisory, x_refsource_DEBIAN | |
| http://www.securityfocus.com/bid/14522 | vdb-entry, x_refsource_BID |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T23:24:36.519Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=321501"
},
{
"name": "17882",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/17882"
},
{
"name": "16343",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/16343"
},
{
"name": "USN-223-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "https://usn.ubuntu.com/223-1/"
},
{
"name": "17886",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/17886"
},
{
"name": "DSA-916",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "http://www.debian.org/security/2005/dsa-916"
},
{
"name": "14522",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/14522"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2005-08-09T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "The ps2epsi extension shell script (ps2epsi.sh) in Inkscape before 0.41 allows local users to overwrite arbitrary files via a symlink attack on the tmpepsifile.epsi temporary file."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-03T20:57:01",
"orgId": "79363d38-fa19-49d1-9214-5f28da3f3ac5",
"shortName": "debian"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=321501"
},
{
"name": "17882",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/17882"
},
{
"name": "16343",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/16343"
},
{
"name": "USN-223-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "https://usn.ubuntu.com/223-1/"
},
{
"name": "17886",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/17886"
},
{
"name": "DSA-916",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "http://www.debian.org/security/2005/dsa-916"
},
{
"name": "14522",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/14522"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@debian.org",
"ID": "CVE-2005-3885",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The ps2epsi extension shell script (ps2epsi.sh) in Inkscape before 0.41 allows local users to overwrite arbitrary files via a symlink attack on the tmpepsifile.epsi temporary file."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=321501",
"refsource": "CONFIRM",
"url": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=321501"
},
{
"name": "17882",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/17882"
},
{
"name": "16343",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/16343"
},
{
"name": "USN-223-1",
"refsource": "UBUNTU",
"url": "https://usn.ubuntu.com/223-1/"
},
{
"name": "17886",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/17886"
},
{
"name": "DSA-916",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2005/dsa-916"
},
{
"name": "14522",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/14522"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "79363d38-fa19-49d1-9214-5f28da3f3ac5",
"assignerShortName": "debian",
"cveId": "CVE-2005-3885",
"datePublished": "2005-11-29T19:00:00",
"dateReserved": "2005-11-29T00:00:00",
"dateUpdated": "2024-08-07T23:24:36.519Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}