ID CVE-2007-1464
Summary Format string vulnerability in the whiteboard Jabber protocol in Inkscape before 0.45.1 allows user-assisted remote attackers to execute arbitrary code via unspecified vectors.
References
Vulnerable Configurations
  • cpe:2.3:a:inkscape:inkscape:0.45
    cpe:2.3:a:inkscape:inkscape:0.45
CVSS
Base: 6.8 (as of 22-03-2007 - 11:29)
Impact:
Exploitability:
Access
VectorComplexityAuthentication
NETWORK MEDIUM NONE
Impact
ConfidentialityIntegrityAvailability
PARTIAL PARTIAL PARTIAL
nessus via4
  • NASL family Gentoo Local Security Checks
    NASL id GENTOO_GLSA-200704-10.NASL
    description The remote host is affected by the vulnerability described in GLSA-200704-10 (Inkscape: Two format string vulnerabilities) Kees Cook has discovered two vulnerabilities in Inkscape. The application does not properly handle format string specifiers in some dialog boxes. Inkscape is also vulnerable to another format string error in its Jabber whiteboard protocol. Impact : A remote attacker could entice a user to open a specially crafted URI, possibly leading to execution of arbitrary code with the privileges of the user running Inkscape. Workaround : There is no known workaround at this time.
    last seen 2019-02-21
    modified 2018-08-10
    plugin id 25055
    published 2007-04-19
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=25055
    title GLSA-200704-10 : Inkscape: Two format string vulnerabilities
  • NASL family SuSE Local Security Checks
    NASL id SUSE_INKSCAPE-3062.NASL
    description Several format string problems where fixed in inkscape. CVE-2007-1463: A format string vulnerability in Inkscape allows user-assisted remote attackers to execute arbitrary code via format string specifiers in a URI, which is not properly handled by certain dialogs. CVE-2007-1464: Format string vulnerability in the whiteboard Jabber protocol in Inkscape allows user-assisted remote attackers to execute arbitrary code via unspecified vectors.
    last seen 2019-02-21
    modified 2018-07-19
    plugin id 27272
    published 2007-10-17
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=27272
    title openSUSE 10 Security Update : inkscape (inkscape-3062)
  • NASL family Ubuntu Local Security Checks
    NASL id UBUNTU_USN-438-1.NASL
    description A flaw was discovered in Inkscape's use of format strings. If a user were tricked into opening a specially crafted URI in Inkscape, a remote attacker could execute arbitrary code with user privileges. Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-02-21
    modified 2018-11-28
    plugin id 28034
    published 2007-11-10
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=28034
    title Ubuntu 5.10 / 6.06 LTS / 6.10 : inkscape vulnerability (USN-438-1)
  • NASL family SuSE Local Security Checks
    NASL id SUSE_INKSCAPE-3061.NASL
    description Several format string problems where fixed in inkscape. - A format string vulnerability in Inkscape allows user-assisted remote attackers to execute arbitrary code via format string specifiers in a URI, which is not properly handled by certain dialogs. (CVE-2007-1463) - Format string vulnerability in the whiteboard Jabber protocol in Inkscape allows user-assisted remote attackers to execute arbitrary code via unspecified vectors. (CVE-2007-1464)
    last seen 2019-02-21
    modified 2012-05-17
    plugin id 29465
    published 2007-12-13
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=29465
    title SuSE 10 Security Update : inkscape (ZYPP Patch Number 3061)
  • NASL family Mandriva Local Security Checks
    NASL id MANDRAKE_MDKSA-2007-069.NASL
    description Format string vulnerability in Inkscape before 0.45.1 allows user-assisted remote attackers to execute arbitrary code via format string specifiers in a URI, which is not properly handled by certain dialogs. Updated packages have been patched to address this issue.
    last seen 2019-02-21
    modified 2018-07-19
    plugin id 24895
    published 2007-03-26
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=24895
    title Mandrake Linux Security Advisory : inkscape (MDKSA-2007:069)
refmap via4
bid 23138
bugtraq 20070324 FLEA-2007-0002-1: inkscape
confirm
gentoo GLSA-200704-10
secunia
  • 24615
  • 24661
  • 24859
  • 25072
suse SUSE-SR:2007:008
vupen ADV-2007-1059
xf inkscape-jabber-format-string(33164)
Last major update 07-03-2011 - 21:52
Published 21-03-2007 - 15:19
Last modified 16-10-2018 - 12:38
Back to Top