CVE-2007-1463 - Format string vulnerability in Inkscape before 0.45.1 allows user-assisted remote attackers to execu

CVE-2007-1463

Summary

Format string vulnerability in Inkscape before 0.45.1 allows user-assisted remote attackers to execute arbitrary code via format string specifiers in a URI, which is not properly handled by certain dialogs.

References

Vulnerable Configurations

cpe:2.3:o:ubuntu:ubuntu_linux:5.10:*:*:*:*:*:*:*
cpe:2.3:o:ubuntu:ubuntu_linux:5.10:*:*:*:*:*:*:*
cpe:2.3:o:ubuntu:ubuntu_linux:6.06:*:*:*:*:*:*:*
cpe:2.3:o:ubuntu:ubuntu_linux:6.06:*:*:*:*:*:*:*
cpe:2.3:o:ubuntu:ubuntu_linux:6.06_lts:*:*:*:*:*:*:*
cpe:2.3:o:ubuntu:ubuntu_linux:6.06_lts:*:*:*:*:*:*:*
cpe:2.3:o:ubuntu:ubuntu_linux:6.10:*:i386:*:*:*:*:*
cpe:2.3:o:ubuntu:ubuntu_linux:6.10:*:i386:*:*:*:*:*
cpe:2.3:a:inkscape:inkscape:0.40:*:*:*:*:*:*:*
cpe:2.3:a:inkscape:inkscape:0.40:*:*:*:*:*:*:*
cpe:2.3:a:inkscape:inkscape:0.41:*:*:*:*:*:*:*
cpe:2.3:a:inkscape:inkscape:0.41:*:*:*:*:*:*:*
cpe:2.3:a:inkscape:inkscape:0.42:*:*:*:*:*:*:*
cpe:2.3:a:inkscape:inkscape:0.42:*:*:*:*:*:*:*
cpe:2.3:a:inkscape:inkscape:0.42.1:*:*:*:*:*:*:*
cpe:2.3:a:inkscape:inkscape:0.42.1:*:*:*:*:*:*:*
cpe:2.3:a:inkscape:inkscape:0.42.2:*:*:*:*:*:*:*
cpe:2.3:a:inkscape:inkscape:0.42.2:*:*:*:*:*:*:*
cpe:2.3:a:inkscape:inkscape:0.43:*:*:*:*:*:*:*
cpe:2.3:a:inkscape:inkscape:0.43:*:*:*:*:*:*:*
cpe:2.3:a:inkscape:inkscape:0.44:*:*:*:*:*:*:*
cpe:2.3:a:inkscape:inkscape:0.44:*:*:*:*:*:*:*

CVSS

Base:	6.8 (as of 16-10-2018 - 16:38)
Impact:
Exploitability:

CWE

NVD-CWE-Other

CAPEC

Access

Vector	Complexity	Authentication
NETWORK	MEDIUM	NONE

Impact

Confidentiality	Integrity	Availability
PARTIAL	PARTIAL	PARTIAL

cvss-vector via4

AV:N/AC:M/Au:N/C:P/I:P/A:P

refmap via4

bid	23070 23138
bugtraq	20070324 FLEA-2007-0002-1: inkscape
confirm	http://sourceforge.net/project/shownotes.php?group_id=93438&release_id=495106 https://issues.rpath.com/browse/RPL-1170
gentoo	GLSA-200704-10
mandriva	MDKSA-2007:069
secunia	24584 24597 24615 24661 24859 25072
suse	SUSE-SR:2007:008
ubuntu	USN-438-1
vupen	ADV-2007-1059
xf	inkscape-dialogs-format-string(33163)

Last major update

16-10-2018 - 16:38

Published

21-03-2007 - 19:19

Last modified

16-10-2018 - 16:38