CVE-2005-3885 - The ps2epsi extension shell script (ps2epsi.sh) in Inkscape before 0.41 allows local users to overwr

CVE-2005-3885

Summary

The ps2epsi extension shell script (ps2epsi.sh) in Inkscape before 0.41 allows local users to overwrite arbitrary files via a symlink attack on the tmpepsifile.epsi temporary file.

References

http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=321501
http://secunia.com/advisories/16343
http://secunia.com/advisories/17882
http://secunia.com/advisories/17886
http://www.debian.org/security/2005/dsa-916
http://www.securityfocus.com/bid/14522
https://usn.ubuntu.com/223-1/

Vulnerable Configurations

cpe:2.3:a:inkscape:inkscape:0.41:*:*:*:*:*:*:*
cpe:2.3:a:inkscape:inkscape:0.41:*:*:*:*:*:*:*

CVSS

Base:	2.1 (as of 03-10-2018 - 21:34)
Impact:
Exploitability:

CWE

NVD-CWE-Other

CAPEC

Access

Vector	Complexity	Authentication
LOCAL	LOW	NONE

Impact

Confidentiality	Integrity	Availability
NONE	PARTIAL	NONE

cvss-vector via4

AV:L/AC:L/Au:N/C:N/I:P/A:N

refmap via4

bid	14522
confirm	http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=321501
debian	DSA-916
secunia	16343 17882 17886
ubuntu	USN-223-1

Last major update

03-10-2018 - 21:34

Published

29-11-2005 - 19:03

Last modified

03-10-2018 - 21:34