Search criteria
29 vulnerabilities found for inkscape by inkscape
CVE-2025-15523 (GCVE-0-2025-15523)
Vulnerability from nvd – Published: 2026-01-22 14:45 – Updated: 2026-01-22 15:05 X_Open Source
VLAI?
Title
TCC Bypass via Inherited Permissions in Bundled Interpreter in Inkscape.app
Summary
MacOS version of Inkscape bundles a Python interpreter that inherits the Transparency, Consent, and Control (TCC) permissions
granted by the user to the main application bundle. An attacker with local user access can
invoke this interpreter with arbitrary commands or scripts, leveraging the
application's previously granted TCC permissions to access user's files in privacy-protected folders without triggering user prompts. Accessing other resources beyond previously granted TCC permissions will prompt the user for approval in the name of Inkscape, potentially disguising attacker's malicious intent.
This issue has been fixed in 1.4.3 version of Inkscape.
Severity ?
CWE
- CWE-276 - Incorrect Default Permissions
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
Credits
Karol Mazurek and Hubert Decyusz (AFINE Team)
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-15523",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-01-22T15:05:02.747583Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-01-22T15:05:37.135Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"platforms": [
"MacOS"
],
"product": "Inkscape",
"repo": "https://gitlab.com/inkscape/inkscape",
"vendor": "Inkscape",
"versions": [
{
"lessThan": "1.4.3",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Karol Mazurek and Hubert Decyusz (AFINE Team)"
}
],
"datePublic": "2026-01-22T13:00:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "MacOS version of Inkscape bundles a \u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003ePython\u003c/span\u003e interpreter that inherits the Transparency, Consent, and Control (TCC) permissions\ngranted by the user to the main application bundle. An attacker with local user access can\ninvoke this interpreter with arbitrary commands or scripts, leveraging the\napplication\u0027s previously granted TCC permissions to access user\u0027s files in privacy-protected folders without triggering user prompts. Accessing other resources beyond previously granted TCC permissions will prompt the user for approval in the name of Inkscape, potentially disguising attacker\u0027s malicious intent.\u003cbr\u003e\u003cbr\u003eThis issue has been fixed in 1.4.3 version of Inkscape.\u003cbr\u003e"
}
],
"value": "MacOS version of Inkscape bundles a Python interpreter that inherits the Transparency, Consent, and Control (TCC) permissions\ngranted by the user to the main application bundle. An attacker with local user access can\ninvoke this interpreter with arbitrary commands or scripts, leveraging the\napplication\u0027s previously granted TCC permissions to access user\u0027s files in privacy-protected folders without triggering user prompts. Accessing other resources beyond previously granted TCC permissions will prompt the user for approval in the name of Inkscape, potentially disguising attacker\u0027s malicious intent.\n\nThis issue has been fixed in 1.4.3 version of Inkscape."
}
],
"impacts": [
{
"capecId": "CAPEC-122",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-122 Privilege Abuse"
}
]
}
],
"metrics": [
{
"cvssV4_0": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "LOCAL",
"baseScore": 4.8,
"baseSeverity": "MEDIUM",
"privilegesRequired": "LOW",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "NONE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N",
"version": "4.0",
"vulnAvailabilityImpact": "NONE",
"vulnConfidentialityImpact": "LOW",
"vulnIntegrityImpact": "LOW",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-276",
"description": "CWE-276 Incorrect Default Permissions",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-01-22T14:45:26.404Z",
"orgId": "4bb8329e-dd38-46c1-aafb-9bf32bcb93c6",
"shortName": "CERT-PL"
},
"references": [
{
"tags": [
"product"
],
"url": "https://inkscape.org/"
},
{
"tags": [
"third-party-advisory"
],
"url": "https://cert.pl/en/posts/2026/01/CVE-2025-15523/"
}
],
"source": {
"discovery": "EXTERNAL"
},
"tags": [
"x_open-source"
],
"title": "TCC Bypass via Inherited Permissions in Bundled Interpreter in Inkscape.app",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "4bb8329e-dd38-46c1-aafb-9bf32bcb93c6",
"assignerShortName": "CERT-PL",
"cveId": "CVE-2025-15523",
"datePublished": "2026-01-22T14:45:26.404Z",
"dateReserved": "2026-01-14T17:14:05.617Z",
"dateUpdated": "2026-01-22T15:05:37.135Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2021-42704 (GCVE-0-2021-42704)
Vulnerability from nvd – Published: 2022-05-18 16:24 – Updated: 2025-04-16 16:19
VLAI?
Title
Inkscape Out-of-bounds Write
Summary
Inkscape version 0.91 is vulnerable to an out-of-bounds write, which may allow an attacker to arbitrary execute code.
Severity ?
7.8 (High)
CWE
- CWE-787 - Out-of-bounds Write
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
Credits
Tran Van Khang – khangkito (VinCSS), working with Trend Micro’s Zero Day Initiative, reported these vulnerabilities to CISA.
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T03:38:50.053Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://www.cisa.gov/uscert/ics/advisories/icsa-22-132-03"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://www.integraxor.com/scada-animation-graphic-editor-extension-inkscape/"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2021-42704",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-04-16T15:50:21.272220Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-04-16T16:19:49.455Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "Inkscape",
"vendor": "Inkscape",
"versions": [
{
"status": "affected",
"version": "0.91"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "Tran Van Khang \u2013 khangkito (VinCSS), working with Trend Micro\u2019s Zero Day Initiative, reported these vulnerabilities to CISA."
}
],
"datePublic": "2022-05-12T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Inkscape version 0.91 is vulnerable to an out-of-bounds write, which may allow an attacker to arbitrary execute code."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-787",
"description": "CWE-787 Out-of-bounds Write",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-06-01T13:59:19.000Z",
"orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"shortName": "icscert"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://www.cisa.gov/uscert/ics/advisories/icsa-22-132-03"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://www.integraxor.com/scada-animation-graphic-editor-extension-inkscape/"
}
],
"solutions": [
{
"lang": "en",
"value": "Inkscape has fixed these vulnerabilities and recommends users update to Version Inkscape 1.0 or later."
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Inkscape Out-of-bounds Write",
"x_generator": {
"engine": "Vulnogram 0.0.9"
},
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "ics-cert@hq.dhs.gov",
"DATE_PUBLIC": "2022-05-12T21:42:00.000Z",
"ID": "CVE-2021-42704",
"STATE": "PUBLIC",
"TITLE": "Inkscape Out-of-bounds Write"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Inkscape",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "0.91"
}
]
}
}
]
},
"vendor_name": "Inkscape"
}
]
}
},
"credit": [
{
"lang": "eng",
"value": "Tran Van Khang \u2013 khangkito (VinCSS), working with Trend Micro\u2019s Zero Day Initiative, reported these vulnerabilities to CISA."
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Inkscape version 0.91 is vulnerable to an out-of-bounds write, which may allow an attacker to arbitrary execute code."
}
]
},
"generator": {
"engine": "Vulnogram 0.0.9"
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-787 Out-of-bounds Write"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.cisa.gov/uscert/ics/advisories/icsa-22-132-03",
"refsource": "CONFIRM",
"url": "https://www.cisa.gov/uscert/ics/advisories/icsa-22-132-03"
},
{
"name": "https://www.integraxor.com/scada-animation-graphic-editor-extension-inkscape/",
"refsource": "CONFIRM",
"url": "https://www.integraxor.com/scada-animation-graphic-editor-extension-inkscape/"
}
]
},
"solution": [
{
"lang": "en",
"value": "Inkscape has fixed these vulnerabilities and recommends users update to Version Inkscape 1.0 or later."
}
],
"source": {
"discovery": "UNKNOWN"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"assignerShortName": "icscert",
"cveId": "CVE-2021-42704",
"datePublished": "2022-05-18T16:24:51.499Z",
"dateReserved": "2021-10-18T00:00:00.000Z",
"dateUpdated": "2025-04-16T16:19:49.455Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-42702 (GCVE-0-2021-42702)
Vulnerability from nvd – Published: 2022-05-18 16:24 – Updated: 2025-04-16 16:19
VLAI?
Title
Inkscape Access of Uninitialized Pointer
Summary
Inkscape version 0.91 can access an uninitialized pointer, which may allow an attacker to have access to unauthorized information.
Severity ?
CWE
- CWE-824 - Access of Uninitialized Pointer
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
Credits
Tran Van Khang – khangkito (VinCSS), working with Trend Micro’s Zero Day Initiative, reported these vulnerabilities to CISA.
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T03:38:50.116Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://www.cisa.gov/uscert/ics/advisories/icsa-22-132-03"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://www.integraxor.com/scada-animation-graphic-editor-extension-inkscape/"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2021-42702",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-04-16T15:50:02.387916Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-04-16T16:19:56.515Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "Inkscape",
"vendor": "Inkscape",
"versions": [
{
"status": "affected",
"version": "0.91"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "Tran Van Khang \u2013 khangkito (VinCSS), working with Trend Micro\u2019s Zero Day Initiative, reported these vulnerabilities to CISA."
}
],
"datePublic": "2022-05-12T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Inkscape version 0.91 can access an uninitialized pointer, which may allow an attacker to have access to unauthorized information."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 3.3,
"baseSeverity": "LOW",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-824",
"description": "CWE-824 Access of Uninitialized Pointer",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-06-01T13:58:43.000Z",
"orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"shortName": "icscert"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://www.cisa.gov/uscert/ics/advisories/icsa-22-132-03"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://www.integraxor.com/scada-animation-graphic-editor-extension-inkscape/"
}
],
"solutions": [
{
"lang": "en",
"value": "Inkscape has fixed these vulnerabilities and recommends users update to Version Inkscape 1.0 or later."
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Inkscape Access of Uninitialized Pointer",
"x_generator": {
"engine": "Vulnogram 0.0.9"
},
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "ics-cert@hq.dhs.gov",
"DATE_PUBLIC": "2022-05-12T21:42:00.000Z",
"ID": "CVE-2021-42702",
"STATE": "PUBLIC",
"TITLE": "Inkscape Access of Uninitialized Pointer"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Inkscape",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "0.91"
}
]
}
}
]
},
"vendor_name": "Inkscape"
}
]
}
},
"credit": [
{
"lang": "eng",
"value": "Tran Van Khang \u2013 khangkito (VinCSS), working with Trend Micro\u2019s Zero Day Initiative, reported these vulnerabilities to CISA."
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Inkscape version 0.91 can access an uninitialized pointer, which may allow an attacker to have access to unauthorized information."
}
]
},
"generator": {
"engine": "Vulnogram 0.0.9"
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 3.3,
"baseSeverity": "LOW",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-824 Access of Uninitialized Pointer"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.cisa.gov/uscert/ics/advisories/icsa-22-132-03",
"refsource": "CONFIRM",
"url": "https://www.cisa.gov/uscert/ics/advisories/icsa-22-132-03"
},
{
"name": "https://www.integraxor.com/scada-animation-graphic-editor-extension-inkscape/",
"refsource": "CONFIRM",
"url": "https://www.integraxor.com/scada-animation-graphic-editor-extension-inkscape/"
}
]
},
"solution": [
{
"lang": "en",
"value": "Inkscape has fixed these vulnerabilities and recommends users update to Version Inkscape 1.0 or later."
}
],
"source": {
"discovery": "UNKNOWN"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"assignerShortName": "icscert",
"cveId": "CVE-2021-42702",
"datePublished": "2022-05-18T16:24:13.808Z",
"dateReserved": "2021-10-18T00:00:00.000Z",
"dateUpdated": "2025-04-16T16:19:56.515Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-42700 (GCVE-0-2021-42700)
Vulnerability from nvd – Published: 2022-05-18 16:21 – Updated: 2025-04-16 16:20
VLAI?
Title
Inkscape Out-of-bounds Read
Summary
Inkscape 0.91 is vulnerable to an out-of-bounds read, which may allow an attacker to have access to unauthorized information.
Severity ?
CWE
- CWE-125 - Out-of-bounds Read
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
Credits
Tran Van Khang – khangkito (VinCSS), working with Trend Micro’s Zero Day Initiative, reported these vulnerabilities to CISA.
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T03:38:50.033Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://www.cisa.gov/uscert/ics/advisories/icsa-22-132-03"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://www.integraxor.com/scada-animation-graphic-editor-extension-inkscape/"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2021-42700",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-04-16T15:50:06.913324Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-04-16T16:20:04.931Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "Inkscape",
"vendor": "Inkscape",
"versions": [
{
"status": "affected",
"version": "0.91"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "Tran Van Khang \u2013 khangkito (VinCSS), working with Trend Micro\u2019s Zero Day Initiative, reported these vulnerabilities to CISA."
}
],
"datePublic": "2022-05-12T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Inkscape 0.91 is vulnerable to an out-of-bounds read, which may allow an attacker to have access to unauthorized information."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 3.3,
"baseSeverity": "LOW",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-125",
"description": "CWE-125 Out-of-bounds Read",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-06-01T13:58:04.000Z",
"orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"shortName": "icscert"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://www.cisa.gov/uscert/ics/advisories/icsa-22-132-03"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://www.integraxor.com/scada-animation-graphic-editor-extension-inkscape/"
}
],
"solutions": [
{
"lang": "en",
"value": "Inkscape has fixed these vulnerabilities and recommends users update to Version Inkscape 1.0 or later."
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Inkscape Out-of-bounds Read",
"x_generator": {
"engine": "Vulnogram 0.0.9"
},
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "ics-cert@hq.dhs.gov",
"DATE_PUBLIC": "2022-05-12T21:42:00.000Z",
"ID": "CVE-2021-42700",
"STATE": "PUBLIC",
"TITLE": "Inkscape Out-of-bounds Read"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Inkscape",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "0.91"
}
]
}
}
]
},
"vendor_name": "Inkscape"
}
]
}
},
"credit": [
{
"lang": "eng",
"value": "Tran Van Khang \u2013 khangkito (VinCSS), working with Trend Micro\u2019s Zero Day Initiative, reported these vulnerabilities to CISA."
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Inkscape 0.91 is vulnerable to an out-of-bounds read, which may allow an attacker to have access to unauthorized information."
}
]
},
"generator": {
"engine": "Vulnogram 0.0.9"
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 3.3,
"baseSeverity": "LOW",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-125 Out-of-bounds Read"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.cisa.gov/uscert/ics/advisories/icsa-22-132-03",
"refsource": "CONFIRM",
"url": "https://www.cisa.gov/uscert/ics/advisories/icsa-22-132-03"
},
{
"name": "https://www.integraxor.com/scada-animation-graphic-editor-extension-inkscape/",
"refsource": "CONFIRM",
"url": "https://www.integraxor.com/scada-animation-graphic-editor-extension-inkscape/"
}
]
},
"solution": [
{
"lang": "en",
"value": "Inkscape has fixed these vulnerabilities and recommends users update to Version Inkscape 1.0 or later."
}
],
"source": {
"discovery": "UNKNOWN"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"assignerShortName": "icscert",
"cveId": "CVE-2021-42700",
"datePublished": "2022-05-18T16:21:40.584Z",
"dateReserved": "2021-10-18T00:00:00.000Z",
"dateUpdated": "2025-04-16T16:20:04.931Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2012-6076 (GCVE-0-2012-6076)
Vulnerability from nvd – Published: 2013-03-12 21:00 – Updated: 2024-08-06 21:21
VLAI?
Summary
Inkscape before 0.48.4 reads .eps files from /tmp instead of the current directory, which might cause Inkspace to process unintended files, allow local users to obtain sensitive information, and possibly have other unspecified impacts.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | |||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T21:21:28.354Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "[oss-security] 20121229 Re: Inkscape reads .eps files from /tmp instead of the current directory",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2012/12/30/2"
},
{
"name": "USN-1712-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "http://www.ubuntu.com/usn/USN-1712-1"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://bugs.launchpad.net/inkscape/+bug/911146"
},
{
"name": "openSUSE-SU-2013:0294",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-updates/2013-02/msg00041.html"
},
{
"name": "openSUSE-SU-2013:0297",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-updates/2013-02/msg00043.html"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=654341"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Inkscape before 0.48.4 reads .eps files from /tmp instead of the current directory, which might cause Inkspace to process unintended files, allow local users to obtain sensitive information, and possibly have other unspecified impacts."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2013-03-12T21:00:00Z",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"name": "[oss-security] 20121229 Re: Inkscape reads .eps files from /tmp instead of the current directory",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2012/12/30/2"
},
{
"name": "USN-1712-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "http://www.ubuntu.com/usn/USN-1712-1"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://bugs.launchpad.net/inkscape/+bug/911146"
},
{
"name": "openSUSE-SU-2013:0294",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-updates/2013-02/msg00041.html"
},
{
"name": "openSUSE-SU-2013:0297",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-updates/2013-02/msg00043.html"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=654341"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2012-6076",
"datePublished": "2013-03-12T21:00:00Z",
"dateReserved": "2012-12-06T00:00:00Z",
"dateUpdated": "2024-08-06T21:21:28.354Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2012-5656 (GCVE-0-2012-5656)
Vulnerability from nvd – Published: 2013-01-18 11:00 – Updated: 2024-08-06 21:14
VLAI?
Summary
The rasterization process in Inkscape before 0.48.4 allows local users to read arbitrary files via an external entity in a SVG file, aka an XML external entity (XXE) injection attack.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | ||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T21:14:16.440Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "[oss-security] 20121219 Re: CVE request: Inkscape fixes a XXE vulnerability during rasterization of SVG images",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2012/12/20/3"
},
{
"name": "FEDORA-2012-20620",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2013-January/095380.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://bazaar.launchpad.net/~inkscape.dev/inkscape/trunk/revision/11931"
},
{
"name": "USN-1712-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "http://www.ubuntu.com/usn/USN-1712-1"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://launchpad.net/inkscape/+milestone/0.48.4"
},
{
"name": "56965",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/56965"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://bugs.launchpad.net/inkscape/+bug/1025185"
},
{
"name": "FEDORA-2012-20621",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2013-January/095398.html"
},
{
"name": "openSUSE-SU-2013:0294",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-updates/2013-02/msg00041.html"
},
{
"name": "openSUSE-SU-2013:0297",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-updates/2013-02/msg00043.html"
},
{
"name": "FEDORA-2012-20643",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2012-December/095024.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2012-12-17T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "The rasterization process in Inkscape before 0.48.4 allows local users to read arbitrary files via an external entity in a SVG file, aka an XML external entity (XXE) injection attack."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2013-03-23T09:00:00",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"name": "[oss-security] 20121219 Re: CVE request: Inkscape fixes a XXE vulnerability during rasterization of SVG images",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2012/12/20/3"
},
{
"name": "FEDORA-2012-20620",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2013-January/095380.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://bazaar.launchpad.net/~inkscape.dev/inkscape/trunk/revision/11931"
},
{
"name": "USN-1712-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "http://www.ubuntu.com/usn/USN-1712-1"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://launchpad.net/inkscape/+milestone/0.48.4"
},
{
"name": "56965",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/56965"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://bugs.launchpad.net/inkscape/+bug/1025185"
},
{
"name": "FEDORA-2012-20621",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2013-January/095398.html"
},
{
"name": "openSUSE-SU-2013:0294",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-updates/2013-02/msg00041.html"
},
{
"name": "openSUSE-SU-2013:0297",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-updates/2013-02/msg00043.html"
},
{
"name": "FEDORA-2012-20643",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2012-December/095024.html"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2012-5656",
"datePublished": "2013-01-18T11:00:00",
"dateReserved": "2012-10-24T00:00:00",
"dateUpdated": "2024-08-06T21:14:16.440Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2007-1463 (GCVE-0-2007-1463)
Vulnerability from nvd – Published: 2007-03-21 19:00 – Updated: 2024-08-07 12:59
VLAI?
Summary
Format string vulnerability in Inkscape before 0.45.1 allows user-assisted remote attackers to execute arbitrary code via format string specifiers in a URI, which is not properly handled by certain dialogs.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T12:59:08.098Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "inkscape-dialogs-format-string(33163)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/33163"
},
{
"name": "24859",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/24859"
},
{
"name": "24615",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/24615"
},
{
"name": "24597",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/24597"
},
{
"name": "24584",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/24584"
},
{
"name": "23138",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/23138"
},
{
"name": "GLSA-200704-10",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO",
"x_transferred"
],
"url": "http://www.gentoo.org/security/en/glsa/glsa-200704-10.xml"
},
{
"name": "24661",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/24661"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://issues.rpath.com/browse/RPL-1170"
},
{
"name": "ADV-2007-1059",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2007/1059"
},
{
"name": "SUSE-SR:2007:008",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://www.novell.com/linux/security/advisories/2007_8_sr.html"
},
{
"name": "USN-438-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "http://www.ubuntu.com/usn/usn-438-1"
},
{
"name": "MDKSA-2007:069",
"tags": [
"vendor-advisory",
"x_refsource_MANDRIVA",
"x_transferred"
],
"url": "http://www.mandriva.com/security/advisories?name=MDKSA-2007:069"
},
{
"name": "20070324 FLEA-2007-0002-1: inkscape",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/463710/100/0/threaded"
},
{
"name": "25072",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/25072"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://sourceforge.net/project/shownotes.php?group_id=93438\u0026release_id=495106"
},
{
"name": "23070",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/23070"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2007-03-20T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Format string vulnerability in Inkscape before 0.45.1 allows user-assisted remote attackers to execute arbitrary code via format string specifiers in a URI, which is not properly handled by certain dialogs."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-16T14:57:01",
"orgId": "cc1ad9ee-3454-478d-9317-d3e869d708bc",
"shortName": "canonical"
},
"references": [
{
"name": "inkscape-dialogs-format-string(33163)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/33163"
},
{
"name": "24859",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/24859"
},
{
"name": "24615",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/24615"
},
{
"name": "24597",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/24597"
},
{
"name": "24584",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/24584"
},
{
"name": "23138",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/23138"
},
{
"name": "GLSA-200704-10",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO"
],
"url": "http://www.gentoo.org/security/en/glsa/glsa-200704-10.xml"
},
{
"name": "24661",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/24661"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://issues.rpath.com/browse/RPL-1170"
},
{
"name": "ADV-2007-1059",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2007/1059"
},
{
"name": "SUSE-SR:2007:008",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://www.novell.com/linux/security/advisories/2007_8_sr.html"
},
{
"name": "USN-438-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "http://www.ubuntu.com/usn/usn-438-1"
},
{
"name": "MDKSA-2007:069",
"tags": [
"vendor-advisory",
"x_refsource_MANDRIVA"
],
"url": "http://www.mandriva.com/security/advisories?name=MDKSA-2007:069"
},
{
"name": "20070324 FLEA-2007-0002-1: inkscape",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/463710/100/0/threaded"
},
{
"name": "25072",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/25072"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://sourceforge.net/project/shownotes.php?group_id=93438\u0026release_id=495106"
},
{
"name": "23070",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/23070"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@ubuntu.com",
"ID": "CVE-2007-1463",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Format string vulnerability in Inkscape before 0.45.1 allows user-assisted remote attackers to execute arbitrary code via format string specifiers in a URI, which is not properly handled by certain dialogs."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "inkscape-dialogs-format-string(33163)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/33163"
},
{
"name": "24859",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/24859"
},
{
"name": "24615",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/24615"
},
{
"name": "24597",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/24597"
},
{
"name": "24584",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/24584"
},
{
"name": "23138",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/23138"
},
{
"name": "GLSA-200704-10",
"refsource": "GENTOO",
"url": "http://www.gentoo.org/security/en/glsa/glsa-200704-10.xml"
},
{
"name": "24661",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/24661"
},
{
"name": "https://issues.rpath.com/browse/RPL-1170",
"refsource": "CONFIRM",
"url": "https://issues.rpath.com/browse/RPL-1170"
},
{
"name": "ADV-2007-1059",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2007/1059"
},
{
"name": "SUSE-SR:2007:008",
"refsource": "SUSE",
"url": "http://www.novell.com/linux/security/advisories/2007_8_sr.html"
},
{
"name": "USN-438-1",
"refsource": "UBUNTU",
"url": "http://www.ubuntu.com/usn/usn-438-1"
},
{
"name": "MDKSA-2007:069",
"refsource": "MANDRIVA",
"url": "http://www.mandriva.com/security/advisories?name=MDKSA-2007:069"
},
{
"name": "20070324 FLEA-2007-0002-1: inkscape",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/463710/100/0/threaded"
},
{
"name": "25072",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/25072"
},
{
"name": "http://sourceforge.net/project/shownotes.php?group_id=93438\u0026release_id=495106",
"refsource": "CONFIRM",
"url": "http://sourceforge.net/project/shownotes.php?group_id=93438\u0026release_id=495106"
},
{
"name": "23070",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/23070"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "cc1ad9ee-3454-478d-9317-d3e869d708bc",
"assignerShortName": "canonical",
"cveId": "CVE-2007-1463",
"datePublished": "2007-03-21T19:00:00",
"dateReserved": "2007-03-15T00:00:00",
"dateUpdated": "2024-08-07T12:59:08.098Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2007-1464 (GCVE-0-2007-1464)
Vulnerability from nvd – Published: 2007-03-21 19:00 – Updated: 2024-08-07 12:59
VLAI?
Summary
Format string vulnerability in the whiteboard Jabber protocol in Inkscape before 0.45.1 allows user-assisted remote attackers to execute arbitrary code via unspecified vectors.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | |||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T12:59:08.354Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "inkscape-jabber-format-string(33164)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/33164"
},
{
"name": "24859",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/24859"
},
{
"name": "24615",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/24615"
},
{
"name": "23138",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/23138"
},
{
"name": "GLSA-200704-10",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO",
"x_transferred"
],
"url": "http://www.gentoo.org/security/en/glsa/glsa-200704-10.xml"
},
{
"name": "24661",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/24661"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://issues.rpath.com/browse/RPL-1170"
},
{
"name": "ADV-2007-1059",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2007/1059"
},
{
"name": "SUSE-SR:2007:008",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://www.novell.com/linux/security/advisories/2007_8_sr.html"
},
{
"name": "20070324 FLEA-2007-0002-1: inkscape",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/463710/100/0/threaded"
},
{
"name": "25072",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/25072"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://sourceforge.net/project/shownotes.php?group_id=93438\u0026release_id=495106"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2007-03-20T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Format string vulnerability in the whiteboard Jabber protocol in Inkscape before 0.45.1 allows user-assisted remote attackers to execute arbitrary code via unspecified vectors."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-16T14:57:01",
"orgId": "cc1ad9ee-3454-478d-9317-d3e869d708bc",
"shortName": "canonical"
},
"references": [
{
"name": "inkscape-jabber-format-string(33164)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/33164"
},
{
"name": "24859",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/24859"
},
{
"name": "24615",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/24615"
},
{
"name": "23138",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/23138"
},
{
"name": "GLSA-200704-10",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO"
],
"url": "http://www.gentoo.org/security/en/glsa/glsa-200704-10.xml"
},
{
"name": "24661",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/24661"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://issues.rpath.com/browse/RPL-1170"
},
{
"name": "ADV-2007-1059",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2007/1059"
},
{
"name": "SUSE-SR:2007:008",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://www.novell.com/linux/security/advisories/2007_8_sr.html"
},
{
"name": "20070324 FLEA-2007-0002-1: inkscape",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/463710/100/0/threaded"
},
{
"name": "25072",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/25072"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://sourceforge.net/project/shownotes.php?group_id=93438\u0026release_id=495106"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@ubuntu.com",
"ID": "CVE-2007-1464",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Format string vulnerability in the whiteboard Jabber protocol in Inkscape before 0.45.1 allows user-assisted remote attackers to execute arbitrary code via unspecified vectors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "inkscape-jabber-format-string(33164)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/33164"
},
{
"name": "24859",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/24859"
},
{
"name": "24615",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/24615"
},
{
"name": "23138",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/23138"
},
{
"name": "GLSA-200704-10",
"refsource": "GENTOO",
"url": "http://www.gentoo.org/security/en/glsa/glsa-200704-10.xml"
},
{
"name": "24661",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/24661"
},
{
"name": "https://issues.rpath.com/browse/RPL-1170",
"refsource": "CONFIRM",
"url": "https://issues.rpath.com/browse/RPL-1170"
},
{
"name": "ADV-2007-1059",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2007/1059"
},
{
"name": "SUSE-SR:2007:008",
"refsource": "SUSE",
"url": "http://www.novell.com/linux/security/advisories/2007_8_sr.html"
},
{
"name": "20070324 FLEA-2007-0002-1: inkscape",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/463710/100/0/threaded"
},
{
"name": "25072",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/25072"
},
{
"name": "http://sourceforge.net/project/shownotes.php?group_id=93438\u0026release_id=495106",
"refsource": "CONFIRM",
"url": "http://sourceforge.net/project/shownotes.php?group_id=93438\u0026release_id=495106"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "cc1ad9ee-3454-478d-9317-d3e869d708bc",
"assignerShortName": "canonical",
"cveId": "CVE-2007-1464",
"datePublished": "2007-03-21T19:00:00",
"dateReserved": "2007-03-15T00:00:00",
"dateUpdated": "2024-08-07T12:59:08.354Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2005-3885 (GCVE-0-2005-3885)
Vulnerability from nvd – Published: 2005-11-29 19:00 – Updated: 2024-08-07 23:24
VLAI?
Summary
The ps2epsi extension shell script (ps2epsi.sh) in Inkscape before 0.41 allows local users to overwrite arbitrary files via a symlink attack on the tmpepsifile.epsi temporary file.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | ||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T23:24:36.519Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=321501"
},
{
"name": "17882",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/17882"
},
{
"name": "16343",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/16343"
},
{
"name": "USN-223-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "https://usn.ubuntu.com/223-1/"
},
{
"name": "17886",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/17886"
},
{
"name": "DSA-916",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "http://www.debian.org/security/2005/dsa-916"
},
{
"name": "14522",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/14522"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2005-08-09T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "The ps2epsi extension shell script (ps2epsi.sh) in Inkscape before 0.41 allows local users to overwrite arbitrary files via a symlink attack on the tmpepsifile.epsi temporary file."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-03T20:57:01",
"orgId": "79363d38-fa19-49d1-9214-5f28da3f3ac5",
"shortName": "debian"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=321501"
},
{
"name": "17882",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/17882"
},
{
"name": "16343",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/16343"
},
{
"name": "USN-223-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "https://usn.ubuntu.com/223-1/"
},
{
"name": "17886",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/17886"
},
{
"name": "DSA-916",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "http://www.debian.org/security/2005/dsa-916"
},
{
"name": "14522",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/14522"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@debian.org",
"ID": "CVE-2005-3885",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The ps2epsi extension shell script (ps2epsi.sh) in Inkscape before 0.41 allows local users to overwrite arbitrary files via a symlink attack on the tmpepsifile.epsi temporary file."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=321501",
"refsource": "CONFIRM",
"url": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=321501"
},
{
"name": "17882",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/17882"
},
{
"name": "16343",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/16343"
},
{
"name": "USN-223-1",
"refsource": "UBUNTU",
"url": "https://usn.ubuntu.com/223-1/"
},
{
"name": "17886",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/17886"
},
{
"name": "DSA-916",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2005/dsa-916"
},
{
"name": "14522",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/14522"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "79363d38-fa19-49d1-9214-5f28da3f3ac5",
"assignerShortName": "debian",
"cveId": "CVE-2005-3885",
"datePublished": "2005-11-29T19:00:00",
"dateReserved": "2005-11-29T00:00:00",
"dateUpdated": "2024-08-07T23:24:36.519Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2005-3737 (GCVE-0-2005-3737)
Vulnerability from nvd – Published: 2005-11-22 00:00 – Updated: 2024-08-07 23:24
VLAI?
Summary
Buffer overflow in the SVG importer (style.cpp) of inkscape 0.41 through 0.42.2 might allow remote attackers to execute arbitrary code via a SVG file with long CSS style property values.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | ||||||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T23:24:36.448Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "GLSA-200511-22",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO",
"x_transferred"
],
"url": "http://www.gentoo.org/security/en/glsa/glsa-200511-22.xml"
},
{
"name": "SUSE-SR:2005:028",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://www.novell.com/linux/security/advisories/2005_28_sr.html"
},
{
"name": "17778",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/17778"
},
{
"name": "17651",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/17651"
},
{
"name": "USN-217-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "http://www.ubuntulinux.org/usn/usn-217-1"
},
{
"name": "15507",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/15507"
},
{
"name": "17882",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/17882"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://cvs.sourceforge.net/viewcvs.py/inkscape/inkscape/src/style.cpp?r1=1.110\u0026r2=1.110.2.1"
},
{
"name": "ADV-2005-2511",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2005/2511"
},
{
"name": "DSA-916",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "http://www.debian.org/security/2005/dsa-916"
},
{
"name": "58",
"tags": [
"third-party-advisory",
"x_refsource_SREASON",
"x_transferred"
],
"url": "http://securityreason.com/securityalert/58"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=330894"
},
{
"name": "17662",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/17662"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2005-11-19T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Buffer overflow in the SVG importer (style.cpp) of inkscape 0.41 through 0.42.2 might allow remote attackers to execute arbitrary code via a SVG file with long CSS style property values."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2005-11-30T10:00:00",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "GLSA-200511-22",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO"
],
"url": "http://www.gentoo.org/security/en/glsa/glsa-200511-22.xml"
},
{
"name": "SUSE-SR:2005:028",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://www.novell.com/linux/security/advisories/2005_28_sr.html"
},
{
"name": "17778",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/17778"
},
{
"name": "17651",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/17651"
},
{
"name": "USN-217-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "http://www.ubuntulinux.org/usn/usn-217-1"
},
{
"name": "15507",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/15507"
},
{
"name": "17882",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/17882"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://cvs.sourceforge.net/viewcvs.py/inkscape/inkscape/src/style.cpp?r1=1.110\u0026r2=1.110.2.1"
},
{
"name": "ADV-2005-2511",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2005/2511"
},
{
"name": "DSA-916",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "http://www.debian.org/security/2005/dsa-916"
},
{
"name": "58",
"tags": [
"third-party-advisory",
"x_refsource_SREASON"
],
"url": "http://securityreason.com/securityalert/58"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=330894"
},
{
"name": "17662",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/17662"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2005-3737",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Buffer overflow in the SVG importer (style.cpp) of inkscape 0.41 through 0.42.2 might allow remote attackers to execute arbitrary code via a SVG file with long CSS style property values."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "GLSA-200511-22",
"refsource": "GENTOO",
"url": "http://www.gentoo.org/security/en/glsa/glsa-200511-22.xml"
},
{
"name": "SUSE-SR:2005:028",
"refsource": "SUSE",
"url": "http://www.novell.com/linux/security/advisories/2005_28_sr.html"
},
{
"name": "17778",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/17778"
},
{
"name": "17651",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/17651"
},
{
"name": "USN-217-1",
"refsource": "UBUNTU",
"url": "http://www.ubuntulinux.org/usn/usn-217-1"
},
{
"name": "15507",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/15507"
},
{
"name": "17882",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/17882"
},
{
"name": "http://cvs.sourceforge.net/viewcvs.py/inkscape/inkscape/src/style.cpp?r1=1.110\u0026r2=1.110.2.1",
"refsource": "CONFIRM",
"url": "http://cvs.sourceforge.net/viewcvs.py/inkscape/inkscape/src/style.cpp?r1=1.110\u0026r2=1.110.2.1"
},
{
"name": "ADV-2005-2511",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2005/2511"
},
{
"name": "DSA-916",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2005/dsa-916"
},
{
"name": "58",
"refsource": "SREASON",
"url": "http://securityreason.com/securityalert/58"
},
{
"name": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=330894",
"refsource": "MISC",
"url": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=330894"
},
{
"name": "17662",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/17662"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2005-3737",
"datePublished": "2005-11-22T00:00:00",
"dateReserved": "2005-11-21T00:00:00",
"dateUpdated": "2024-08-07T23:24:36.448Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-15523 (GCVE-0-2025-15523)
Vulnerability from cvelistv5 – Published: 2026-01-22 14:45 – Updated: 2026-01-22 15:05 X_Open Source
VLAI?
Title
TCC Bypass via Inherited Permissions in Bundled Interpreter in Inkscape.app
Summary
MacOS version of Inkscape bundles a Python interpreter that inherits the Transparency, Consent, and Control (TCC) permissions
granted by the user to the main application bundle. An attacker with local user access can
invoke this interpreter with arbitrary commands or scripts, leveraging the
application's previously granted TCC permissions to access user's files in privacy-protected folders without triggering user prompts. Accessing other resources beyond previously granted TCC permissions will prompt the user for approval in the name of Inkscape, potentially disguising attacker's malicious intent.
This issue has been fixed in 1.4.3 version of Inkscape.
Severity ?
CWE
- CWE-276 - Incorrect Default Permissions
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
Credits
Karol Mazurek and Hubert Decyusz (AFINE Team)
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-15523",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-01-22T15:05:02.747583Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-01-22T15:05:37.135Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"platforms": [
"MacOS"
],
"product": "Inkscape",
"repo": "https://gitlab.com/inkscape/inkscape",
"vendor": "Inkscape",
"versions": [
{
"lessThan": "1.4.3",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Karol Mazurek and Hubert Decyusz (AFINE Team)"
}
],
"datePublic": "2026-01-22T13:00:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "MacOS version of Inkscape bundles a \u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003ePython\u003c/span\u003e interpreter that inherits the Transparency, Consent, and Control (TCC) permissions\ngranted by the user to the main application bundle. An attacker with local user access can\ninvoke this interpreter with arbitrary commands or scripts, leveraging the\napplication\u0027s previously granted TCC permissions to access user\u0027s files in privacy-protected folders without triggering user prompts. Accessing other resources beyond previously granted TCC permissions will prompt the user for approval in the name of Inkscape, potentially disguising attacker\u0027s malicious intent.\u003cbr\u003e\u003cbr\u003eThis issue has been fixed in 1.4.3 version of Inkscape.\u003cbr\u003e"
}
],
"value": "MacOS version of Inkscape bundles a Python interpreter that inherits the Transparency, Consent, and Control (TCC) permissions\ngranted by the user to the main application bundle. An attacker with local user access can\ninvoke this interpreter with arbitrary commands or scripts, leveraging the\napplication\u0027s previously granted TCC permissions to access user\u0027s files in privacy-protected folders without triggering user prompts. Accessing other resources beyond previously granted TCC permissions will prompt the user for approval in the name of Inkscape, potentially disguising attacker\u0027s malicious intent.\n\nThis issue has been fixed in 1.4.3 version of Inkscape."
}
],
"impacts": [
{
"capecId": "CAPEC-122",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-122 Privilege Abuse"
}
]
}
],
"metrics": [
{
"cvssV4_0": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "LOCAL",
"baseScore": 4.8,
"baseSeverity": "MEDIUM",
"privilegesRequired": "LOW",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "NONE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N",
"version": "4.0",
"vulnAvailabilityImpact": "NONE",
"vulnConfidentialityImpact": "LOW",
"vulnIntegrityImpact": "LOW",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-276",
"description": "CWE-276 Incorrect Default Permissions",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-01-22T14:45:26.404Z",
"orgId": "4bb8329e-dd38-46c1-aafb-9bf32bcb93c6",
"shortName": "CERT-PL"
},
"references": [
{
"tags": [
"product"
],
"url": "https://inkscape.org/"
},
{
"tags": [
"third-party-advisory"
],
"url": "https://cert.pl/en/posts/2026/01/CVE-2025-15523/"
}
],
"source": {
"discovery": "EXTERNAL"
},
"tags": [
"x_open-source"
],
"title": "TCC Bypass via Inherited Permissions in Bundled Interpreter in Inkscape.app",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "4bb8329e-dd38-46c1-aafb-9bf32bcb93c6",
"assignerShortName": "CERT-PL",
"cveId": "CVE-2025-15523",
"datePublished": "2026-01-22T14:45:26.404Z",
"dateReserved": "2026-01-14T17:14:05.617Z",
"dateUpdated": "2026-01-22T15:05:37.135Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2021-42704 (GCVE-0-2021-42704)
Vulnerability from cvelistv5 – Published: 2022-05-18 16:24 – Updated: 2025-04-16 16:19
VLAI?
Title
Inkscape Out-of-bounds Write
Summary
Inkscape version 0.91 is vulnerable to an out-of-bounds write, which may allow an attacker to arbitrary execute code.
Severity ?
7.8 (High)
CWE
- CWE-787 - Out-of-bounds Write
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
Credits
Tran Van Khang – khangkito (VinCSS), working with Trend Micro’s Zero Day Initiative, reported these vulnerabilities to CISA.
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T03:38:50.053Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://www.cisa.gov/uscert/ics/advisories/icsa-22-132-03"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://www.integraxor.com/scada-animation-graphic-editor-extension-inkscape/"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2021-42704",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-04-16T15:50:21.272220Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-04-16T16:19:49.455Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "Inkscape",
"vendor": "Inkscape",
"versions": [
{
"status": "affected",
"version": "0.91"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "Tran Van Khang \u2013 khangkito (VinCSS), working with Trend Micro\u2019s Zero Day Initiative, reported these vulnerabilities to CISA."
}
],
"datePublic": "2022-05-12T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Inkscape version 0.91 is vulnerable to an out-of-bounds write, which may allow an attacker to arbitrary execute code."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-787",
"description": "CWE-787 Out-of-bounds Write",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-06-01T13:59:19.000Z",
"orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"shortName": "icscert"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://www.cisa.gov/uscert/ics/advisories/icsa-22-132-03"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://www.integraxor.com/scada-animation-graphic-editor-extension-inkscape/"
}
],
"solutions": [
{
"lang": "en",
"value": "Inkscape has fixed these vulnerabilities and recommends users update to Version Inkscape 1.0 or later."
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Inkscape Out-of-bounds Write",
"x_generator": {
"engine": "Vulnogram 0.0.9"
},
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "ics-cert@hq.dhs.gov",
"DATE_PUBLIC": "2022-05-12T21:42:00.000Z",
"ID": "CVE-2021-42704",
"STATE": "PUBLIC",
"TITLE": "Inkscape Out-of-bounds Write"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Inkscape",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "0.91"
}
]
}
}
]
},
"vendor_name": "Inkscape"
}
]
}
},
"credit": [
{
"lang": "eng",
"value": "Tran Van Khang \u2013 khangkito (VinCSS), working with Trend Micro\u2019s Zero Day Initiative, reported these vulnerabilities to CISA."
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Inkscape version 0.91 is vulnerable to an out-of-bounds write, which may allow an attacker to arbitrary execute code."
}
]
},
"generator": {
"engine": "Vulnogram 0.0.9"
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-787 Out-of-bounds Write"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.cisa.gov/uscert/ics/advisories/icsa-22-132-03",
"refsource": "CONFIRM",
"url": "https://www.cisa.gov/uscert/ics/advisories/icsa-22-132-03"
},
{
"name": "https://www.integraxor.com/scada-animation-graphic-editor-extension-inkscape/",
"refsource": "CONFIRM",
"url": "https://www.integraxor.com/scada-animation-graphic-editor-extension-inkscape/"
}
]
},
"solution": [
{
"lang": "en",
"value": "Inkscape has fixed these vulnerabilities and recommends users update to Version Inkscape 1.0 or later."
}
],
"source": {
"discovery": "UNKNOWN"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"assignerShortName": "icscert",
"cveId": "CVE-2021-42704",
"datePublished": "2022-05-18T16:24:51.499Z",
"dateReserved": "2021-10-18T00:00:00.000Z",
"dateUpdated": "2025-04-16T16:19:49.455Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-42702 (GCVE-0-2021-42702)
Vulnerability from cvelistv5 – Published: 2022-05-18 16:24 – Updated: 2025-04-16 16:19
VLAI?
Title
Inkscape Access of Uninitialized Pointer
Summary
Inkscape version 0.91 can access an uninitialized pointer, which may allow an attacker to have access to unauthorized information.
Severity ?
CWE
- CWE-824 - Access of Uninitialized Pointer
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
Credits
Tran Van Khang – khangkito (VinCSS), working with Trend Micro’s Zero Day Initiative, reported these vulnerabilities to CISA.
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T03:38:50.116Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://www.cisa.gov/uscert/ics/advisories/icsa-22-132-03"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://www.integraxor.com/scada-animation-graphic-editor-extension-inkscape/"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2021-42702",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-04-16T15:50:02.387916Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-04-16T16:19:56.515Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "Inkscape",
"vendor": "Inkscape",
"versions": [
{
"status": "affected",
"version": "0.91"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "Tran Van Khang \u2013 khangkito (VinCSS), working with Trend Micro\u2019s Zero Day Initiative, reported these vulnerabilities to CISA."
}
],
"datePublic": "2022-05-12T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Inkscape version 0.91 can access an uninitialized pointer, which may allow an attacker to have access to unauthorized information."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 3.3,
"baseSeverity": "LOW",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-824",
"description": "CWE-824 Access of Uninitialized Pointer",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-06-01T13:58:43.000Z",
"orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"shortName": "icscert"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://www.cisa.gov/uscert/ics/advisories/icsa-22-132-03"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://www.integraxor.com/scada-animation-graphic-editor-extension-inkscape/"
}
],
"solutions": [
{
"lang": "en",
"value": "Inkscape has fixed these vulnerabilities and recommends users update to Version Inkscape 1.0 or later."
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Inkscape Access of Uninitialized Pointer",
"x_generator": {
"engine": "Vulnogram 0.0.9"
},
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "ics-cert@hq.dhs.gov",
"DATE_PUBLIC": "2022-05-12T21:42:00.000Z",
"ID": "CVE-2021-42702",
"STATE": "PUBLIC",
"TITLE": "Inkscape Access of Uninitialized Pointer"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Inkscape",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "0.91"
}
]
}
}
]
},
"vendor_name": "Inkscape"
}
]
}
},
"credit": [
{
"lang": "eng",
"value": "Tran Van Khang \u2013 khangkito (VinCSS), working with Trend Micro\u2019s Zero Day Initiative, reported these vulnerabilities to CISA."
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Inkscape version 0.91 can access an uninitialized pointer, which may allow an attacker to have access to unauthorized information."
}
]
},
"generator": {
"engine": "Vulnogram 0.0.9"
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 3.3,
"baseSeverity": "LOW",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-824 Access of Uninitialized Pointer"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.cisa.gov/uscert/ics/advisories/icsa-22-132-03",
"refsource": "CONFIRM",
"url": "https://www.cisa.gov/uscert/ics/advisories/icsa-22-132-03"
},
{
"name": "https://www.integraxor.com/scada-animation-graphic-editor-extension-inkscape/",
"refsource": "CONFIRM",
"url": "https://www.integraxor.com/scada-animation-graphic-editor-extension-inkscape/"
}
]
},
"solution": [
{
"lang": "en",
"value": "Inkscape has fixed these vulnerabilities and recommends users update to Version Inkscape 1.0 or later."
}
],
"source": {
"discovery": "UNKNOWN"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"assignerShortName": "icscert",
"cveId": "CVE-2021-42702",
"datePublished": "2022-05-18T16:24:13.808Z",
"dateReserved": "2021-10-18T00:00:00.000Z",
"dateUpdated": "2025-04-16T16:19:56.515Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-42700 (GCVE-0-2021-42700)
Vulnerability from cvelistv5 – Published: 2022-05-18 16:21 – Updated: 2025-04-16 16:20
VLAI?
Title
Inkscape Out-of-bounds Read
Summary
Inkscape 0.91 is vulnerable to an out-of-bounds read, which may allow an attacker to have access to unauthorized information.
Severity ?
CWE
- CWE-125 - Out-of-bounds Read
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
Credits
Tran Van Khang – khangkito (VinCSS), working with Trend Micro’s Zero Day Initiative, reported these vulnerabilities to CISA.
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T03:38:50.033Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://www.cisa.gov/uscert/ics/advisories/icsa-22-132-03"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://www.integraxor.com/scada-animation-graphic-editor-extension-inkscape/"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2021-42700",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-04-16T15:50:06.913324Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-04-16T16:20:04.931Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "Inkscape",
"vendor": "Inkscape",
"versions": [
{
"status": "affected",
"version": "0.91"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "Tran Van Khang \u2013 khangkito (VinCSS), working with Trend Micro\u2019s Zero Day Initiative, reported these vulnerabilities to CISA."
}
],
"datePublic": "2022-05-12T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Inkscape 0.91 is vulnerable to an out-of-bounds read, which may allow an attacker to have access to unauthorized information."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 3.3,
"baseSeverity": "LOW",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-125",
"description": "CWE-125 Out-of-bounds Read",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-06-01T13:58:04.000Z",
"orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"shortName": "icscert"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://www.cisa.gov/uscert/ics/advisories/icsa-22-132-03"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://www.integraxor.com/scada-animation-graphic-editor-extension-inkscape/"
}
],
"solutions": [
{
"lang": "en",
"value": "Inkscape has fixed these vulnerabilities and recommends users update to Version Inkscape 1.0 or later."
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Inkscape Out-of-bounds Read",
"x_generator": {
"engine": "Vulnogram 0.0.9"
},
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "ics-cert@hq.dhs.gov",
"DATE_PUBLIC": "2022-05-12T21:42:00.000Z",
"ID": "CVE-2021-42700",
"STATE": "PUBLIC",
"TITLE": "Inkscape Out-of-bounds Read"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Inkscape",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "0.91"
}
]
}
}
]
},
"vendor_name": "Inkscape"
}
]
}
},
"credit": [
{
"lang": "eng",
"value": "Tran Van Khang \u2013 khangkito (VinCSS), working with Trend Micro\u2019s Zero Day Initiative, reported these vulnerabilities to CISA."
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Inkscape 0.91 is vulnerable to an out-of-bounds read, which may allow an attacker to have access to unauthorized information."
}
]
},
"generator": {
"engine": "Vulnogram 0.0.9"
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 3.3,
"baseSeverity": "LOW",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-125 Out-of-bounds Read"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.cisa.gov/uscert/ics/advisories/icsa-22-132-03",
"refsource": "CONFIRM",
"url": "https://www.cisa.gov/uscert/ics/advisories/icsa-22-132-03"
},
{
"name": "https://www.integraxor.com/scada-animation-graphic-editor-extension-inkscape/",
"refsource": "CONFIRM",
"url": "https://www.integraxor.com/scada-animation-graphic-editor-extension-inkscape/"
}
]
},
"solution": [
{
"lang": "en",
"value": "Inkscape has fixed these vulnerabilities and recommends users update to Version Inkscape 1.0 or later."
}
],
"source": {
"discovery": "UNKNOWN"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"assignerShortName": "icscert",
"cveId": "CVE-2021-42700",
"datePublished": "2022-05-18T16:21:40.584Z",
"dateReserved": "2021-10-18T00:00:00.000Z",
"dateUpdated": "2025-04-16T16:20:04.931Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2012-6076 (GCVE-0-2012-6076)
Vulnerability from cvelistv5 – Published: 2013-03-12 21:00 – Updated: 2024-08-06 21:21
VLAI?
Summary
Inkscape before 0.48.4 reads .eps files from /tmp instead of the current directory, which might cause Inkspace to process unintended files, allow local users to obtain sensitive information, and possibly have other unspecified impacts.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | |||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T21:21:28.354Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "[oss-security] 20121229 Re: Inkscape reads .eps files from /tmp instead of the current directory",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2012/12/30/2"
},
{
"name": "USN-1712-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "http://www.ubuntu.com/usn/USN-1712-1"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://bugs.launchpad.net/inkscape/+bug/911146"
},
{
"name": "openSUSE-SU-2013:0294",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-updates/2013-02/msg00041.html"
},
{
"name": "openSUSE-SU-2013:0297",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-updates/2013-02/msg00043.html"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=654341"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Inkscape before 0.48.4 reads .eps files from /tmp instead of the current directory, which might cause Inkspace to process unintended files, allow local users to obtain sensitive information, and possibly have other unspecified impacts."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2013-03-12T21:00:00Z",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"name": "[oss-security] 20121229 Re: Inkscape reads .eps files from /tmp instead of the current directory",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2012/12/30/2"
},
{
"name": "USN-1712-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "http://www.ubuntu.com/usn/USN-1712-1"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://bugs.launchpad.net/inkscape/+bug/911146"
},
{
"name": "openSUSE-SU-2013:0294",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-updates/2013-02/msg00041.html"
},
{
"name": "openSUSE-SU-2013:0297",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-updates/2013-02/msg00043.html"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=654341"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2012-6076",
"datePublished": "2013-03-12T21:00:00Z",
"dateReserved": "2012-12-06T00:00:00Z",
"dateUpdated": "2024-08-06T21:21:28.354Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2012-5656 (GCVE-0-2012-5656)
Vulnerability from cvelistv5 – Published: 2013-01-18 11:00 – Updated: 2024-08-06 21:14
VLAI?
Summary
The rasterization process in Inkscape before 0.48.4 allows local users to read arbitrary files via an external entity in a SVG file, aka an XML external entity (XXE) injection attack.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | ||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T21:14:16.440Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "[oss-security] 20121219 Re: CVE request: Inkscape fixes a XXE vulnerability during rasterization of SVG images",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2012/12/20/3"
},
{
"name": "FEDORA-2012-20620",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2013-January/095380.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://bazaar.launchpad.net/~inkscape.dev/inkscape/trunk/revision/11931"
},
{
"name": "USN-1712-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "http://www.ubuntu.com/usn/USN-1712-1"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://launchpad.net/inkscape/+milestone/0.48.4"
},
{
"name": "56965",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/56965"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://bugs.launchpad.net/inkscape/+bug/1025185"
},
{
"name": "FEDORA-2012-20621",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2013-January/095398.html"
},
{
"name": "openSUSE-SU-2013:0294",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-updates/2013-02/msg00041.html"
},
{
"name": "openSUSE-SU-2013:0297",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-updates/2013-02/msg00043.html"
},
{
"name": "FEDORA-2012-20643",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2012-December/095024.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2012-12-17T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "The rasterization process in Inkscape before 0.48.4 allows local users to read arbitrary files via an external entity in a SVG file, aka an XML external entity (XXE) injection attack."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2013-03-23T09:00:00",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"name": "[oss-security] 20121219 Re: CVE request: Inkscape fixes a XXE vulnerability during rasterization of SVG images",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2012/12/20/3"
},
{
"name": "FEDORA-2012-20620",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2013-January/095380.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://bazaar.launchpad.net/~inkscape.dev/inkscape/trunk/revision/11931"
},
{
"name": "USN-1712-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "http://www.ubuntu.com/usn/USN-1712-1"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://launchpad.net/inkscape/+milestone/0.48.4"
},
{
"name": "56965",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/56965"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://bugs.launchpad.net/inkscape/+bug/1025185"
},
{
"name": "FEDORA-2012-20621",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2013-January/095398.html"
},
{
"name": "openSUSE-SU-2013:0294",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-updates/2013-02/msg00041.html"
},
{
"name": "openSUSE-SU-2013:0297",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-updates/2013-02/msg00043.html"
},
{
"name": "FEDORA-2012-20643",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2012-December/095024.html"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2012-5656",
"datePublished": "2013-01-18T11:00:00",
"dateReserved": "2012-10-24T00:00:00",
"dateUpdated": "2024-08-06T21:14:16.440Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2007-1463 (GCVE-0-2007-1463)
Vulnerability from cvelistv5 – Published: 2007-03-21 19:00 – Updated: 2024-08-07 12:59
VLAI?
Summary
Format string vulnerability in Inkscape before 0.45.1 allows user-assisted remote attackers to execute arbitrary code via format string specifiers in a URI, which is not properly handled by certain dialogs.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | ||||||||||||||||||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T12:59:08.098Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "inkscape-dialogs-format-string(33163)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/33163"
},
{
"name": "24859",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/24859"
},
{
"name": "24615",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/24615"
},
{
"name": "24597",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/24597"
},
{
"name": "24584",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/24584"
},
{
"name": "23138",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/23138"
},
{
"name": "GLSA-200704-10",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO",
"x_transferred"
],
"url": "http://www.gentoo.org/security/en/glsa/glsa-200704-10.xml"
},
{
"name": "24661",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/24661"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://issues.rpath.com/browse/RPL-1170"
},
{
"name": "ADV-2007-1059",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2007/1059"
},
{
"name": "SUSE-SR:2007:008",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://www.novell.com/linux/security/advisories/2007_8_sr.html"
},
{
"name": "USN-438-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "http://www.ubuntu.com/usn/usn-438-1"
},
{
"name": "MDKSA-2007:069",
"tags": [
"vendor-advisory",
"x_refsource_MANDRIVA",
"x_transferred"
],
"url": "http://www.mandriva.com/security/advisories?name=MDKSA-2007:069"
},
{
"name": "20070324 FLEA-2007-0002-1: inkscape",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/463710/100/0/threaded"
},
{
"name": "25072",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/25072"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://sourceforge.net/project/shownotes.php?group_id=93438\u0026release_id=495106"
},
{
"name": "23070",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/23070"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2007-03-20T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Format string vulnerability in Inkscape before 0.45.1 allows user-assisted remote attackers to execute arbitrary code via format string specifiers in a URI, which is not properly handled by certain dialogs."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-16T14:57:01",
"orgId": "cc1ad9ee-3454-478d-9317-d3e869d708bc",
"shortName": "canonical"
},
"references": [
{
"name": "inkscape-dialogs-format-string(33163)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/33163"
},
{
"name": "24859",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/24859"
},
{
"name": "24615",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/24615"
},
{
"name": "24597",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/24597"
},
{
"name": "24584",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/24584"
},
{
"name": "23138",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/23138"
},
{
"name": "GLSA-200704-10",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO"
],
"url": "http://www.gentoo.org/security/en/glsa/glsa-200704-10.xml"
},
{
"name": "24661",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/24661"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://issues.rpath.com/browse/RPL-1170"
},
{
"name": "ADV-2007-1059",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2007/1059"
},
{
"name": "SUSE-SR:2007:008",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://www.novell.com/linux/security/advisories/2007_8_sr.html"
},
{
"name": "USN-438-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "http://www.ubuntu.com/usn/usn-438-1"
},
{
"name": "MDKSA-2007:069",
"tags": [
"vendor-advisory",
"x_refsource_MANDRIVA"
],
"url": "http://www.mandriva.com/security/advisories?name=MDKSA-2007:069"
},
{
"name": "20070324 FLEA-2007-0002-1: inkscape",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/463710/100/0/threaded"
},
{
"name": "25072",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/25072"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://sourceforge.net/project/shownotes.php?group_id=93438\u0026release_id=495106"
},
{
"name": "23070",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/23070"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@ubuntu.com",
"ID": "CVE-2007-1463",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Format string vulnerability in Inkscape before 0.45.1 allows user-assisted remote attackers to execute arbitrary code via format string specifiers in a URI, which is not properly handled by certain dialogs."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "inkscape-dialogs-format-string(33163)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/33163"
},
{
"name": "24859",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/24859"
},
{
"name": "24615",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/24615"
},
{
"name": "24597",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/24597"
},
{
"name": "24584",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/24584"
},
{
"name": "23138",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/23138"
},
{
"name": "GLSA-200704-10",
"refsource": "GENTOO",
"url": "http://www.gentoo.org/security/en/glsa/glsa-200704-10.xml"
},
{
"name": "24661",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/24661"
},
{
"name": "https://issues.rpath.com/browse/RPL-1170",
"refsource": "CONFIRM",
"url": "https://issues.rpath.com/browse/RPL-1170"
},
{
"name": "ADV-2007-1059",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2007/1059"
},
{
"name": "SUSE-SR:2007:008",
"refsource": "SUSE",
"url": "http://www.novell.com/linux/security/advisories/2007_8_sr.html"
},
{
"name": "USN-438-1",
"refsource": "UBUNTU",
"url": "http://www.ubuntu.com/usn/usn-438-1"
},
{
"name": "MDKSA-2007:069",
"refsource": "MANDRIVA",
"url": "http://www.mandriva.com/security/advisories?name=MDKSA-2007:069"
},
{
"name": "20070324 FLEA-2007-0002-1: inkscape",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/463710/100/0/threaded"
},
{
"name": "25072",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/25072"
},
{
"name": "http://sourceforge.net/project/shownotes.php?group_id=93438\u0026release_id=495106",
"refsource": "CONFIRM",
"url": "http://sourceforge.net/project/shownotes.php?group_id=93438\u0026release_id=495106"
},
{
"name": "23070",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/23070"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "cc1ad9ee-3454-478d-9317-d3e869d708bc",
"assignerShortName": "canonical",
"cveId": "CVE-2007-1463",
"datePublished": "2007-03-21T19:00:00",
"dateReserved": "2007-03-15T00:00:00",
"dateUpdated": "2024-08-07T12:59:08.098Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2007-1464 (GCVE-0-2007-1464)
Vulnerability from cvelistv5 – Published: 2007-03-21 19:00 – Updated: 2024-08-07 12:59
VLAI?
Summary
Format string vulnerability in the whiteboard Jabber protocol in Inkscape before 0.45.1 allows user-assisted remote attackers to execute arbitrary code via unspecified vectors.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | |||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T12:59:08.354Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "inkscape-jabber-format-string(33164)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/33164"
},
{
"name": "24859",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/24859"
},
{
"name": "24615",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/24615"
},
{
"name": "23138",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/23138"
},
{
"name": "GLSA-200704-10",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO",
"x_transferred"
],
"url": "http://www.gentoo.org/security/en/glsa/glsa-200704-10.xml"
},
{
"name": "24661",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/24661"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://issues.rpath.com/browse/RPL-1170"
},
{
"name": "ADV-2007-1059",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2007/1059"
},
{
"name": "SUSE-SR:2007:008",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://www.novell.com/linux/security/advisories/2007_8_sr.html"
},
{
"name": "20070324 FLEA-2007-0002-1: inkscape",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/463710/100/0/threaded"
},
{
"name": "25072",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/25072"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://sourceforge.net/project/shownotes.php?group_id=93438\u0026release_id=495106"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2007-03-20T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Format string vulnerability in the whiteboard Jabber protocol in Inkscape before 0.45.1 allows user-assisted remote attackers to execute arbitrary code via unspecified vectors."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-16T14:57:01",
"orgId": "cc1ad9ee-3454-478d-9317-d3e869d708bc",
"shortName": "canonical"
},
"references": [
{
"name": "inkscape-jabber-format-string(33164)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/33164"
},
{
"name": "24859",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/24859"
},
{
"name": "24615",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/24615"
},
{
"name": "23138",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/23138"
},
{
"name": "GLSA-200704-10",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO"
],
"url": "http://www.gentoo.org/security/en/glsa/glsa-200704-10.xml"
},
{
"name": "24661",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/24661"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://issues.rpath.com/browse/RPL-1170"
},
{
"name": "ADV-2007-1059",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2007/1059"
},
{
"name": "SUSE-SR:2007:008",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://www.novell.com/linux/security/advisories/2007_8_sr.html"
},
{
"name": "20070324 FLEA-2007-0002-1: inkscape",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/463710/100/0/threaded"
},
{
"name": "25072",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/25072"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://sourceforge.net/project/shownotes.php?group_id=93438\u0026release_id=495106"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@ubuntu.com",
"ID": "CVE-2007-1464",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Format string vulnerability in the whiteboard Jabber protocol in Inkscape before 0.45.1 allows user-assisted remote attackers to execute arbitrary code via unspecified vectors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "inkscape-jabber-format-string(33164)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/33164"
},
{
"name": "24859",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/24859"
},
{
"name": "24615",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/24615"
},
{
"name": "23138",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/23138"
},
{
"name": "GLSA-200704-10",
"refsource": "GENTOO",
"url": "http://www.gentoo.org/security/en/glsa/glsa-200704-10.xml"
},
{
"name": "24661",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/24661"
},
{
"name": "https://issues.rpath.com/browse/RPL-1170",
"refsource": "CONFIRM",
"url": "https://issues.rpath.com/browse/RPL-1170"
},
{
"name": "ADV-2007-1059",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2007/1059"
},
{
"name": "SUSE-SR:2007:008",
"refsource": "SUSE",
"url": "http://www.novell.com/linux/security/advisories/2007_8_sr.html"
},
{
"name": "20070324 FLEA-2007-0002-1: inkscape",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/463710/100/0/threaded"
},
{
"name": "25072",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/25072"
},
{
"name": "http://sourceforge.net/project/shownotes.php?group_id=93438\u0026release_id=495106",
"refsource": "CONFIRM",
"url": "http://sourceforge.net/project/shownotes.php?group_id=93438\u0026release_id=495106"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "cc1ad9ee-3454-478d-9317-d3e869d708bc",
"assignerShortName": "canonical",
"cveId": "CVE-2007-1464",
"datePublished": "2007-03-21T19:00:00",
"dateReserved": "2007-03-15T00:00:00",
"dateUpdated": "2024-08-07T12:59:08.354Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2005-3885 (GCVE-0-2005-3885)
Vulnerability from cvelistv5 – Published: 2005-11-29 19:00 – Updated: 2024-08-07 23:24
VLAI?
Summary
The ps2epsi extension shell script (ps2epsi.sh) in Inkscape before 0.41 allows local users to overwrite arbitrary files via a symlink attack on the tmpepsifile.epsi temporary file.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | ||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T23:24:36.519Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=321501"
},
{
"name": "17882",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/17882"
},
{
"name": "16343",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/16343"
},
{
"name": "USN-223-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "https://usn.ubuntu.com/223-1/"
},
{
"name": "17886",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/17886"
},
{
"name": "DSA-916",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "http://www.debian.org/security/2005/dsa-916"
},
{
"name": "14522",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/14522"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2005-08-09T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "The ps2epsi extension shell script (ps2epsi.sh) in Inkscape before 0.41 allows local users to overwrite arbitrary files via a symlink attack on the tmpepsifile.epsi temporary file."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-03T20:57:01",
"orgId": "79363d38-fa19-49d1-9214-5f28da3f3ac5",
"shortName": "debian"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=321501"
},
{
"name": "17882",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/17882"
},
{
"name": "16343",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/16343"
},
{
"name": "USN-223-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "https://usn.ubuntu.com/223-1/"
},
{
"name": "17886",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/17886"
},
{
"name": "DSA-916",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "http://www.debian.org/security/2005/dsa-916"
},
{
"name": "14522",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/14522"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@debian.org",
"ID": "CVE-2005-3885",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The ps2epsi extension shell script (ps2epsi.sh) in Inkscape before 0.41 allows local users to overwrite arbitrary files via a symlink attack on the tmpepsifile.epsi temporary file."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=321501",
"refsource": "CONFIRM",
"url": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=321501"
},
{
"name": "17882",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/17882"
},
{
"name": "16343",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/16343"
},
{
"name": "USN-223-1",
"refsource": "UBUNTU",
"url": "https://usn.ubuntu.com/223-1/"
},
{
"name": "17886",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/17886"
},
{
"name": "DSA-916",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2005/dsa-916"
},
{
"name": "14522",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/14522"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "79363d38-fa19-49d1-9214-5f28da3f3ac5",
"assignerShortName": "debian",
"cveId": "CVE-2005-3885",
"datePublished": "2005-11-29T19:00:00",
"dateReserved": "2005-11-29T00:00:00",
"dateUpdated": "2024-08-07T23:24:36.519Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2005-3737 (GCVE-0-2005-3737)
Vulnerability from cvelistv5 – Published: 2005-11-22 00:00 – Updated: 2024-08-07 23:24
VLAI?
Summary
Buffer overflow in the SVG importer (style.cpp) of inkscape 0.41 through 0.42.2 might allow remote attackers to execute arbitrary code via a SVG file with long CSS style property values.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | ||||||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T23:24:36.448Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "GLSA-200511-22",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO",
"x_transferred"
],
"url": "http://www.gentoo.org/security/en/glsa/glsa-200511-22.xml"
},
{
"name": "SUSE-SR:2005:028",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://www.novell.com/linux/security/advisories/2005_28_sr.html"
},
{
"name": "17778",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/17778"
},
{
"name": "17651",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/17651"
},
{
"name": "USN-217-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "http://www.ubuntulinux.org/usn/usn-217-1"
},
{
"name": "15507",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/15507"
},
{
"name": "17882",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/17882"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://cvs.sourceforge.net/viewcvs.py/inkscape/inkscape/src/style.cpp?r1=1.110\u0026r2=1.110.2.1"
},
{
"name": "ADV-2005-2511",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2005/2511"
},
{
"name": "DSA-916",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "http://www.debian.org/security/2005/dsa-916"
},
{
"name": "58",
"tags": [
"third-party-advisory",
"x_refsource_SREASON",
"x_transferred"
],
"url": "http://securityreason.com/securityalert/58"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=330894"
},
{
"name": "17662",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/17662"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2005-11-19T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Buffer overflow in the SVG importer (style.cpp) of inkscape 0.41 through 0.42.2 might allow remote attackers to execute arbitrary code via a SVG file with long CSS style property values."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2005-11-30T10:00:00",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "GLSA-200511-22",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO"
],
"url": "http://www.gentoo.org/security/en/glsa/glsa-200511-22.xml"
},
{
"name": "SUSE-SR:2005:028",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://www.novell.com/linux/security/advisories/2005_28_sr.html"
},
{
"name": "17778",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/17778"
},
{
"name": "17651",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/17651"
},
{
"name": "USN-217-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "http://www.ubuntulinux.org/usn/usn-217-1"
},
{
"name": "15507",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/15507"
},
{
"name": "17882",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/17882"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://cvs.sourceforge.net/viewcvs.py/inkscape/inkscape/src/style.cpp?r1=1.110\u0026r2=1.110.2.1"
},
{
"name": "ADV-2005-2511",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2005/2511"
},
{
"name": "DSA-916",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "http://www.debian.org/security/2005/dsa-916"
},
{
"name": "58",
"tags": [
"third-party-advisory",
"x_refsource_SREASON"
],
"url": "http://securityreason.com/securityalert/58"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=330894"
},
{
"name": "17662",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/17662"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2005-3737",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Buffer overflow in the SVG importer (style.cpp) of inkscape 0.41 through 0.42.2 might allow remote attackers to execute arbitrary code via a SVG file with long CSS style property values."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "GLSA-200511-22",
"refsource": "GENTOO",
"url": "http://www.gentoo.org/security/en/glsa/glsa-200511-22.xml"
},
{
"name": "SUSE-SR:2005:028",
"refsource": "SUSE",
"url": "http://www.novell.com/linux/security/advisories/2005_28_sr.html"
},
{
"name": "17778",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/17778"
},
{
"name": "17651",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/17651"
},
{
"name": "USN-217-1",
"refsource": "UBUNTU",
"url": "http://www.ubuntulinux.org/usn/usn-217-1"
},
{
"name": "15507",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/15507"
},
{
"name": "17882",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/17882"
},
{
"name": "http://cvs.sourceforge.net/viewcvs.py/inkscape/inkscape/src/style.cpp?r1=1.110\u0026r2=1.110.2.1",
"refsource": "CONFIRM",
"url": "http://cvs.sourceforge.net/viewcvs.py/inkscape/inkscape/src/style.cpp?r1=1.110\u0026r2=1.110.2.1"
},
{
"name": "ADV-2005-2511",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2005/2511"
},
{
"name": "DSA-916",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2005/dsa-916"
},
{
"name": "58",
"refsource": "SREASON",
"url": "http://securityreason.com/securityalert/58"
},
{
"name": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=330894",
"refsource": "MISC",
"url": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=330894"
},
{
"name": "17662",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/17662"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2005-3737",
"datePublished": "2005-11-22T00:00:00",
"dateReserved": "2005-11-21T00:00:00",
"dateUpdated": "2024-08-07T23:24:36.448Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
FKIE_CVE-2021-42700
Vulnerability from fkie_nvd - Published: 2022-05-18 17:15 - Updated: 2024-11-21 06:28
Severity ?
3.3 (Low) - CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N
3.3 (Low) - CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N
3.3 (Low) - CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N
Summary
Inkscape 0.91 is vulnerable to an out-of-bounds read, which may allow an attacker to have access to unauthorized information.
References
| URL | Tags | ||
|---|---|---|---|
| ics-cert@hq.dhs.gov | https://www.cisa.gov/uscert/ics/advisories/icsa-22-132-03 | Third Party Advisory, US Government Resource | |
| ics-cert@hq.dhs.gov | https://www.integraxor.com/scada-animation-graphic-editor-extension-inkscape/ | Exploit, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://www.cisa.gov/uscert/ics/advisories/icsa-22-132-03 | Third Party Advisory, US Government Resource | |
| af854a3a-2127-422b-91ae-364da2661108 | https://www.integraxor.com/scada-animation-graphic-editor-extension-inkscape/ | Exploit, Third Party Advisory |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:inkscape:inkscape:0.91:*:*:*:*:*:*:*",
"matchCriteriaId": "DF5D548A-F1D4-4BAA-96BA-DA562A78C5C6",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Inkscape 0.91 is vulnerable to an out-of-bounds read, which may allow an attacker to have access to unauthorized information."
},
{
"lang": "es",
"value": "Inkscape 0.91 es vulnerable a una lectura fuera de l\u00edmites, que puede permitir a un atacante tener acceso a informaci\u00f3n no autorizada"
}
],
"id": "CVE-2021-42700",
"lastModified": "2024-11-21T06:28:00.010",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "LOW",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "NONE",
"baseScore": 3.5,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:M/Au:S/C:P/I:N/A:N",
"version": "2.0"
},
"exploitabilityScore": 6.8,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 3.3,
"baseSeverity": "LOW",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N",
"version": "3.1"
},
"exploitabilityScore": 1.8,
"impactScore": 1.4,
"source": "ics-cert@hq.dhs.gov",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 3.3,
"baseSeverity": "LOW",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N",
"version": "3.1"
},
"exploitabilityScore": 1.8,
"impactScore": 1.4,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2022-05-18T17:15:08.080",
"references": [
{
"source": "ics-cert@hq.dhs.gov",
"tags": [
"Third Party Advisory",
"US Government Resource"
],
"url": "https://www.cisa.gov/uscert/ics/advisories/icsa-22-132-03"
},
{
"source": "ics-cert@hq.dhs.gov",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://www.integraxor.com/scada-animation-graphic-editor-extension-inkscape/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"US Government Resource"
],
"url": "https://www.cisa.gov/uscert/ics/advisories/icsa-22-132-03"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://www.integraxor.com/scada-animation-graphic-editor-extension-inkscape/"
}
],
"sourceIdentifier": "ics-cert@hq.dhs.gov",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-125"
}
],
"source": "ics-cert@hq.dhs.gov",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-125"
}
],
"source": "nvd@nist.gov",
"type": "Secondary"
}
]
}
FKIE_CVE-2021-42702
Vulnerability from fkie_nvd - Published: 2022-05-18 17:15 - Updated: 2024-11-21 06:28
Severity ?
3.3 (Low) - CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N
3.3 (Low) - CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N
3.3 (Low) - CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N
Summary
Inkscape version 0.91 can access an uninitialized pointer, which may allow an attacker to have access to unauthorized information.
References
| URL | Tags | ||
|---|---|---|---|
| ics-cert@hq.dhs.gov | https://www.cisa.gov/uscert/ics/advisories/icsa-22-132-03 | Third Party Advisory, US Government Resource | |
| ics-cert@hq.dhs.gov | https://www.integraxor.com/scada-animation-graphic-editor-extension-inkscape/ | Exploit, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://www.cisa.gov/uscert/ics/advisories/icsa-22-132-03 | Third Party Advisory, US Government Resource | |
| af854a3a-2127-422b-91ae-364da2661108 | https://www.integraxor.com/scada-animation-graphic-editor-extension-inkscape/ | Exploit, Third Party Advisory |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:inkscape:inkscape:0.91:*:*:*:*:*:*:*",
"matchCriteriaId": "DF5D548A-F1D4-4BAA-96BA-DA562A78C5C6",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Inkscape version 0.91 can access an uninitialized pointer, which may allow an attacker to have access to unauthorized information."
},
{
"lang": "es",
"value": "La versi\u00f3n 0.91 de Inkscape puede acceder a un puntero no inicializado, lo que puede permitir a un atacante tener acceso a informaci\u00f3n no autorizada"
}
],
"id": "CVE-2021-42702",
"lastModified": "2024-11-21T06:28:00.253",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 3.3,
"baseSeverity": "LOW",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N",
"version": "3.1"
},
"exploitabilityScore": 1.8,
"impactScore": 1.4,
"source": "ics-cert@hq.dhs.gov",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 3.3,
"baseSeverity": "LOW",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N",
"version": "3.1"
},
"exploitabilityScore": 1.8,
"impactScore": 1.4,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2022-05-18T17:15:08.147",
"references": [
{
"source": "ics-cert@hq.dhs.gov",
"tags": [
"Third Party Advisory",
"US Government Resource"
],
"url": "https://www.cisa.gov/uscert/ics/advisories/icsa-22-132-03"
},
{
"source": "ics-cert@hq.dhs.gov",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://www.integraxor.com/scada-animation-graphic-editor-extension-inkscape/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"US Government Resource"
],
"url": "https://www.cisa.gov/uscert/ics/advisories/icsa-22-132-03"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://www.integraxor.com/scada-animation-graphic-editor-extension-inkscape/"
}
],
"sourceIdentifier": "ics-cert@hq.dhs.gov",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-824"
}
],
"source": "ics-cert@hq.dhs.gov",
"type": "Secondary"
}
]
}
FKIE_CVE-2021-42704
Vulnerability from fkie_nvd - Published: 2022-05-18 17:15 - Updated: 2024-11-21 06:28
Severity ?
7.8 (High) - CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
7.8 (High) - CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
7.8 (High) - CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Summary
Inkscape version 0.91 is vulnerable to an out-of-bounds write, which may allow an attacker to arbitrary execute code.
References
| URL | Tags | ||
|---|---|---|---|
| ics-cert@hq.dhs.gov | https://www.cisa.gov/uscert/ics/advisories/icsa-22-132-03 | Third Party Advisory, US Government Resource | |
| ics-cert@hq.dhs.gov | https://www.integraxor.com/scada-animation-graphic-editor-extension-inkscape/ | Exploit, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://www.cisa.gov/uscert/ics/advisories/icsa-22-132-03 | Third Party Advisory, US Government Resource | |
| af854a3a-2127-422b-91ae-364da2661108 | https://www.integraxor.com/scada-animation-graphic-editor-extension-inkscape/ | Exploit, Third Party Advisory |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:inkscape:inkscape:0.91:*:*:*:*:*:*:*",
"matchCriteriaId": "DF5D548A-F1D4-4BAA-96BA-DA562A78C5C6",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Inkscape version 0.91 is vulnerable to an out-of-bounds write, which may allow an attacker to arbitrary execute code."
},
{
"lang": "es",
"value": "La versi\u00f3n 0.91 de Inkscape es vulnerable a una escritura fuera de l\u00edmites, lo que puede permitir a un atacante ejecutar c\u00f3digo de forma arbitraria"
}
],
"id": "CVE-2021-42704",
"lastModified": "2024-11-21T06:28:00.490",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 1.8,
"impactScore": 5.9,
"source": "ics-cert@hq.dhs.gov",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 1.8,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2022-05-18T17:15:08.207",
"references": [
{
"source": "ics-cert@hq.dhs.gov",
"tags": [
"Third Party Advisory",
"US Government Resource"
],
"url": "https://www.cisa.gov/uscert/ics/advisories/icsa-22-132-03"
},
{
"source": "ics-cert@hq.dhs.gov",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://www.integraxor.com/scada-animation-graphic-editor-extension-inkscape/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"US Government Resource"
],
"url": "https://www.cisa.gov/uscert/ics/advisories/icsa-22-132-03"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://www.integraxor.com/scada-animation-graphic-editor-extension-inkscape/"
}
],
"sourceIdentifier": "ics-cert@hq.dhs.gov",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-787"
}
],
"source": "ics-cert@hq.dhs.gov",
"type": "Secondary"
}
]
}
FKIE_CVE-2012-6076
Vulnerability from fkie_nvd - Published: 2013-03-12 22:55 - Updated: 2025-04-11 00:51
Severity ?
Summary
Inkscape before 0.48.4 reads .eps files from /tmp instead of the current directory, which might cause Inkspace to process unintended files, allow local users to obtain sensitive information, and possibly have other unspecified impacts.
References
| URL | Tags | ||
|---|---|---|---|
| secalert@redhat.com | http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=654341 | ||
| secalert@redhat.com | http://lists.opensuse.org/opensuse-updates/2013-02/msg00041.html | ||
| secalert@redhat.com | http://lists.opensuse.org/opensuse-updates/2013-02/msg00043.html | ||
| secalert@redhat.com | http://www.openwall.com/lists/oss-security/2012/12/30/2 | ||
| secalert@redhat.com | http://www.ubuntu.com/usn/USN-1712-1 | ||
| secalert@redhat.com | https://bugs.launchpad.net/inkscape/+bug/911146 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=654341 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://lists.opensuse.org/opensuse-updates/2013-02/msg00041.html | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://lists.opensuse.org/opensuse-updates/2013-02/msg00043.html | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://www.openwall.com/lists/oss-security/2012/12/30/2 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://www.ubuntu.com/usn/USN-1712-1 | ||
| af854a3a-2127-422b-91ae-364da2661108 | https://bugs.launchpad.net/inkscape/+bug/911146 |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| inkscape | inkscape | * | |
| inkscape | inkscape | 0.37 | |
| inkscape | inkscape | 0.38.1 | |
| inkscape | inkscape | 0.39 | |
| inkscape | inkscape | 0.40 | |
| inkscape | inkscape | 0.41 | |
| inkscape | inkscape | 0.42 | |
| inkscape | inkscape | 0.42.2 | |
| inkscape | inkscape | 0.43 | |
| inkscape | inkscape | 0.44 | |
| inkscape | inkscape | 0.44.1 | |
| inkscape | inkscape | 0.45.1 | |
| inkscape | inkscape | 0.46 | |
| inkscape | inkscape | 0.47 | |
| inkscape | inkscape | 0.47 | |
| inkscape | inkscape | 0.47 | |
| inkscape | inkscape | 0.47 | |
| inkscape | inkscape | 0.47 | |
| inkscape | inkscape | 0.47 | |
| inkscape | inkscape | 0.48 | |
| inkscape | inkscape | 0.48 | |
| inkscape | inkscape | 0.48 | |
| inkscape | inkscape | 0.48.1 | |
| inkscape | inkscape | 0.48.2 | |
| inkscape | inkscape | 0.48.3 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:inkscape:inkscape:*:*:*:*:*:*:*:*",
"matchCriteriaId": "EB0BA758-CE2D-4A56-820C-0431218E13B8",
"versionEndIncluding": "0.48.3.1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:inkscape:inkscape:0.37:*:*:*:*:*:*:*",
"matchCriteriaId": "F6A7E0CA-0853-474E-9A34-0816F50C9D76",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:inkscape:inkscape:0.38.1:*:*:*:*:*:*:*",
"matchCriteriaId": "18AAE17E-C96C-4D66-8A04-A5D3AE14FE4D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:inkscape:inkscape:0.39:*:*:*:*:*:*:*",
"matchCriteriaId": "018BA031-B337-4B29-9991-82FB9F750331",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:inkscape:inkscape:0.40:*:*:*:*:*:*:*",
"matchCriteriaId": "6D218B9A-193B-4956-B710-8998FC60A6F3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:inkscape:inkscape:0.41:*:*:*:*:*:*:*",
"matchCriteriaId": "A061EEF7-FBD3-4BBD-BCAA-9F765567C606",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:inkscape:inkscape:0.42:*:*:*:*:*:*:*",
"matchCriteriaId": "57038D30-192C-4899-A705-E951E162B871",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:inkscape:inkscape:0.42.2:*:*:*:*:*:*:*",
"matchCriteriaId": "4783CB07-5F32-4FF6-85D4-2F3FE21DD75B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:inkscape:inkscape:0.43:*:*:*:*:*:*:*",
"matchCriteriaId": "6EAE5DD1-E2DB-4905-83B2-348257A4E49C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:inkscape:inkscape:0.44:*:*:*:*:*:*:*",
"matchCriteriaId": "F6EBAFFC-12A6-42D2-9840-289BFD720F8A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:inkscape:inkscape:0.44.1:*:*:*:*:*:*:*",
"matchCriteriaId": "594EE688-2DF3-4816-8555-3E5B4EFAFC95",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:inkscape:inkscape:0.45.1:*:*:*:*:*:*:*",
"matchCriteriaId": "3C54073A-438C-4D51-99CD-C2144D6A8150",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:inkscape:inkscape:0.46:*:*:*:*:*:*:*",
"matchCriteriaId": "2FE96B25-32B9-4FD2-8B10-80DD350EB759",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:inkscape:inkscape:0.47:*:*:*:*:*:*:*",
"matchCriteriaId": "BAA0CE4F-3AD3-4B44-8BC8-9674D94D3408",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:inkscape:inkscape:0.47:pre0:*:*:*:*:*:*",
"matchCriteriaId": "5C3B3BAF-BAD4-4BC5-83D4-8325D783E461",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:inkscape:inkscape:0.47:pre1:*:*:*:*:*:*",
"matchCriteriaId": "06842246-AA84-4BEA-A0FE-B46E45711213",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:inkscape:inkscape:0.47:pre2:*:*:*:*:*:*",
"matchCriteriaId": "A761AB84-5B22-453D-B14A-5E49AD8F1263",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:inkscape:inkscape:0.47:pre3:*:*:*:*:*:*",
"matchCriteriaId": "81739054-C209-4216-8567-E8FC3D749712",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:inkscape:inkscape:0.47:pre4:*:*:*:*:*:*",
"matchCriteriaId": "BE454063-D98C-4D5D-BA20-AE9333024D70",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:inkscape:inkscape:0.48:*:*:*:*:*:*:*",
"matchCriteriaId": "F10B9C61-F0BB-4176-A6C4-5AC8663DE0E7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:inkscape:inkscape:0.48:pre0:*:*:*:*:*:*",
"matchCriteriaId": "8360E1BF-499F-4170-994D-4677D4613133",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:inkscape:inkscape:0.48:pre1:*:*:*:*:*:*",
"matchCriteriaId": "9FF25DD6-BED2-41C5-AD6E-488F96A80FCE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:inkscape:inkscape:0.48.1:*:*:*:*:*:*:*",
"matchCriteriaId": "5B48456C-5B4C-444A-8A37-F6953A800D15",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:inkscape:inkscape:0.48.2:*:*:*:*:*:*:*",
"matchCriteriaId": "89281174-55F9-4B0C-B4BE-9128768B703E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:inkscape:inkscape:0.48.3:*:*:*:*:*:*:*",
"matchCriteriaId": "0A743F6F-5BC8-4D14-9DC3-E3EDD3695C24",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Inkscape before 0.48.4 reads .eps files from /tmp instead of the current directory, which might cause Inkspace to process unintended files, allow local users to obtain sensitive information, and possibly have other unspecified impacts."
},
{
"lang": "es",
"value": "Inkscape anterior a v0.48.4 lee ficheros .eps desde /tmp en lugar del directorio actual, permitiendo a usuarios locales obtener informaci\u00f3n sensible y posiblemente tener otro impacto no especificado."
}
],
"id": "CVE-2012-6076",
"lastModified": "2025-04-11T00:51:21.963",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "LOCAL",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 4.4,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:L/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 3.4,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
]
},
"published": "2013-03-12T22:55:01.113",
"references": [
{
"source": "secalert@redhat.com",
"url": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=654341"
},
{
"source": "secalert@redhat.com",
"url": "http://lists.opensuse.org/opensuse-updates/2013-02/msg00041.html"
},
{
"source": "secalert@redhat.com",
"url": "http://lists.opensuse.org/opensuse-updates/2013-02/msg00043.html"
},
{
"source": "secalert@redhat.com",
"url": "http://www.openwall.com/lists/oss-security/2012/12/30/2"
},
{
"source": "secalert@redhat.com",
"url": "http://www.ubuntu.com/usn/USN-1712-1"
},
{
"source": "secalert@redhat.com",
"url": "https://bugs.launchpad.net/inkscape/+bug/911146"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=654341"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://lists.opensuse.org/opensuse-updates/2013-02/msg00041.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://lists.opensuse.org/opensuse-updates/2013-02/msg00043.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.openwall.com/lists/oss-security/2012/12/30/2"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.ubuntu.com/usn/USN-1712-1"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://bugs.launchpad.net/inkscape/+bug/911146"
}
],
"sourceIdentifier": "secalert@redhat.com",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-264"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2012-5656
Vulnerability from fkie_nvd - Published: 2013-01-18 11:48 - Updated: 2025-04-11 00:51
Severity ?
Summary
The rasterization process in Inkscape before 0.48.4 allows local users to read arbitrary files via an external entity in a SVG file, aka an XML external entity (XXE) injection attack.
References
| URL | Tags | ||
|---|---|---|---|
| secalert@redhat.com | http://bazaar.launchpad.net/~inkscape.dev/inkscape/trunk/revision/11931 | Patch | |
| secalert@redhat.com | http://lists.fedoraproject.org/pipermail/package-announce/2012-December/095024.html | Mailing List | |
| secalert@redhat.com | http://lists.fedoraproject.org/pipermail/package-announce/2013-January/095380.html | Mailing List | |
| secalert@redhat.com | http://lists.fedoraproject.org/pipermail/package-announce/2013-January/095398.html | Mailing List | |
| secalert@redhat.com | http://lists.opensuse.org/opensuse-updates/2013-02/msg00041.html | Mailing List | |
| secalert@redhat.com | http://lists.opensuse.org/opensuse-updates/2013-02/msg00043.html | Mailing List | |
| secalert@redhat.com | http://www.openwall.com/lists/oss-security/2012/12/20/3 | Exploit, Mailing List | |
| secalert@redhat.com | http://www.securityfocus.com/bid/56965 | Broken Link, Third Party Advisory, VDB Entry | |
| secalert@redhat.com | http://www.ubuntu.com/usn/USN-1712-1 | Third Party Advisory | |
| secalert@redhat.com | https://bugs.launchpad.net/inkscape/+bug/1025185 | Exploit, Issue Tracking | |
| secalert@redhat.com | https://launchpad.net/inkscape/+milestone/0.48.4 | Product | |
| af854a3a-2127-422b-91ae-364da2661108 | http://bazaar.launchpad.net/~inkscape.dev/inkscape/trunk/revision/11931 | Patch | |
| af854a3a-2127-422b-91ae-364da2661108 | http://lists.fedoraproject.org/pipermail/package-announce/2012-December/095024.html | Mailing List | |
| af854a3a-2127-422b-91ae-364da2661108 | http://lists.fedoraproject.org/pipermail/package-announce/2013-January/095380.html | Mailing List | |
| af854a3a-2127-422b-91ae-364da2661108 | http://lists.fedoraproject.org/pipermail/package-announce/2013-January/095398.html | Mailing List | |
| af854a3a-2127-422b-91ae-364da2661108 | http://lists.opensuse.org/opensuse-updates/2013-02/msg00041.html | Mailing List | |
| af854a3a-2127-422b-91ae-364da2661108 | http://lists.opensuse.org/opensuse-updates/2013-02/msg00043.html | Mailing List | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.openwall.com/lists/oss-security/2012/12/20/3 | Exploit, Mailing List | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/bid/56965 | Broken Link, Third Party Advisory, VDB Entry | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.ubuntu.com/usn/USN-1712-1 | Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://bugs.launchpad.net/inkscape/+bug/1025185 | Exploit, Issue Tracking | |
| af854a3a-2127-422b-91ae-364da2661108 | https://launchpad.net/inkscape/+milestone/0.48.4 | Product |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| inkscape | inkscape | * | |
| fedoraproject | fedora | 16 | |
| fedoraproject | fedora | 17 | |
| fedoraproject | fedora | 18 | |
| canonical | ubuntu_linux | 10.04 | |
| canonical | ubuntu_linux | 11.10 | |
| canonical | ubuntu_linux | 12.04 | |
| canonical | ubuntu_linux | 12.10 | |
| opensuse | opensuse | 11.4 | |
| opensuse | opensuse | 12.1 | |
| opensuse | opensuse | 12.2 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:inkscape:inkscape:*:*:*:*:*:*:*:*",
"matchCriteriaId": "2FBD7F12-C6DE-401D-8EF8-0E0D33C40EEA",
"versionEndExcluding": "0.48.4",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:fedoraproject:fedora:16:*:*:*:*:*:*:*",
"matchCriteriaId": "706C6399-CAD1-46E3-87A2-8DFE2CF497ED",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:fedoraproject:fedora:17:*:*:*:*:*:*:*",
"matchCriteriaId": "2DA9D861-3EAF-42F5-B0B6-A4CD7BDD6188",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:fedoraproject:fedora:18:*:*:*:*:*:*:*",
"matchCriteriaId": "E14271AE-1309-48F3-B9C6-D7DEEC488279",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:canonical:ubuntu_linux:10.04:*:*:*:-:*:*:*",
"matchCriteriaId": "01EDA41C-6B2E-49AF-B503-EB3882265C11",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:canonical:ubuntu_linux:11.10:*:*:*:*:*:*:*",
"matchCriteriaId": "E4174F4F-149E-41A6-BBCC-D01114C05F38",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:canonical:ubuntu_linux:12.04:*:*:*:-:*:*:*",
"matchCriteriaId": "CB66DB75-2B16-4EBF-9B93-CE49D8086E41",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:canonical:ubuntu_linux:12.10:*:*:*:*:*:*:*",
"matchCriteriaId": "E2076871-2E80-4605-A470-A41C1A8EC7EE",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:opensuse:opensuse:11.4:*:*:*:*:*:*:*",
"matchCriteriaId": "DE554781-1EB9-446E-911F-6C11970C47F4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:opensuse:opensuse:12.1:*:*:*:*:*:*:*",
"matchCriteriaId": "EBB2C482-D2A4-48B3-ACE7-E1DFDCC409B5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:opensuse:opensuse:12.2:*:*:*:*:*:*:*",
"matchCriteriaId": "D806A17E-B8F9-466D-807D-3F1E77603DC8",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The rasterization process in Inkscape before 0.48.4 allows local users to read arbitrary files via an external entity in a SVG file, aka an XML external entity (XXE) injection attack."
},
{
"lang": "es",
"value": "El proceso de rasterizaci\u00f3n en Inkscape antes de v0.48.4 permite a los usuarios locales leer archivos de su elecci\u00f3n a trav\u00e9s de entidades externas en un archivo SVG. Se trata de un ataque tambi\u00e9n conocido como ataque de inyecci\u00f3n XML a una entidad externa (XXE)."
}
],
"id": "CVE-2012-5656",
"lastModified": "2025-04-11T00:51:21.963",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "LOW",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 2.1,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "NONE",
"vectorString": "AV:L/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
"exploitabilityScore": 3.9,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"exploitabilityScore": 1.8,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2013-01-18T11:48:40.323",
"references": [
{
"source": "secalert@redhat.com",
"tags": [
"Patch"
],
"url": "http://bazaar.launchpad.net/~inkscape.dev/inkscape/trunk/revision/11931"
},
{
"source": "secalert@redhat.com",
"tags": [
"Mailing List"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2012-December/095024.html"
},
{
"source": "secalert@redhat.com",
"tags": [
"Mailing List"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2013-January/095380.html"
},
{
"source": "secalert@redhat.com",
"tags": [
"Mailing List"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2013-January/095398.html"
},
{
"source": "secalert@redhat.com",
"tags": [
"Mailing List"
],
"url": "http://lists.opensuse.org/opensuse-updates/2013-02/msg00041.html"
},
{
"source": "secalert@redhat.com",
"tags": [
"Mailing List"
],
"url": "http://lists.opensuse.org/opensuse-updates/2013-02/msg00043.html"
},
{
"source": "secalert@redhat.com",
"tags": [
"Exploit",
"Mailing List"
],
"url": "http://www.openwall.com/lists/oss-security/2012/12/20/3"
},
{
"source": "secalert@redhat.com",
"tags": [
"Broken Link",
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/56965"
},
{
"source": "secalert@redhat.com",
"tags": [
"Third Party Advisory"
],
"url": "http://www.ubuntu.com/usn/USN-1712-1"
},
{
"source": "secalert@redhat.com",
"tags": [
"Exploit",
"Issue Tracking"
],
"url": "https://bugs.launchpad.net/inkscape/+bug/1025185"
},
{
"source": "secalert@redhat.com",
"tags": [
"Product"
],
"url": "https://launchpad.net/inkscape/+milestone/0.48.4"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
],
"url": "http://bazaar.launchpad.net/~inkscape.dev/inkscape/trunk/revision/11931"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2012-December/095024.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2013-January/095380.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2013-January/095398.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List"
],
"url": "http://lists.opensuse.org/opensuse-updates/2013-02/msg00041.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List"
],
"url": "http://lists.opensuse.org/opensuse-updates/2013-02/msg00043.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Mailing List"
],
"url": "http://www.openwall.com/lists/oss-security/2012/12/20/3"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Broken Link",
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/56965"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "http://www.ubuntu.com/usn/USN-1712-1"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Issue Tracking"
],
"url": "https://bugs.launchpad.net/inkscape/+bug/1025185"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Product"
],
"url": "https://launchpad.net/inkscape/+milestone/0.48.4"
}
],
"sourceIdentifier": "secalert@redhat.com",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-611"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2007-1463
Vulnerability from fkie_nvd - Published: 2007-03-21 19:19 - Updated: 2025-04-09 00:30
Severity ?
Summary
Format string vulnerability in Inkscape before 0.45.1 allows user-assisted remote attackers to execute arbitrary code via format string specifiers in a URI, which is not properly handled by certain dialogs.
References
| URL | Tags | ||
|---|---|---|---|
| security@ubuntu.com | http://secunia.com/advisories/24584 | ||
| security@ubuntu.com | http://secunia.com/advisories/24597 | ||
| security@ubuntu.com | http://secunia.com/advisories/24615 | ||
| security@ubuntu.com | http://secunia.com/advisories/24661 | ||
| security@ubuntu.com | http://secunia.com/advisories/24859 | ||
| security@ubuntu.com | http://secunia.com/advisories/25072 | ||
| security@ubuntu.com | http://sourceforge.net/project/shownotes.php?group_id=93438&release_id=495106 | Patch | |
| security@ubuntu.com | http://www.gentoo.org/security/en/glsa/glsa-200704-10.xml | ||
| security@ubuntu.com | http://www.mandriva.com/security/advisories?name=MDKSA-2007:069 | ||
| security@ubuntu.com | http://www.novell.com/linux/security/advisories/2007_8_sr.html | ||
| security@ubuntu.com | http://www.securityfocus.com/archive/1/463710/100/0/threaded | ||
| security@ubuntu.com | http://www.securityfocus.com/bid/23070 | ||
| security@ubuntu.com | http://www.securityfocus.com/bid/23138 | ||
| security@ubuntu.com | http://www.ubuntu.com/usn/usn-438-1 | Vendor Advisory | |
| security@ubuntu.com | http://www.vupen.com/english/advisories/2007/1059 | ||
| security@ubuntu.com | https://exchange.xforce.ibmcloud.com/vulnerabilities/33163 | ||
| security@ubuntu.com | https://issues.rpath.com/browse/RPL-1170 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://secunia.com/advisories/24584 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://secunia.com/advisories/24597 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://secunia.com/advisories/24615 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://secunia.com/advisories/24661 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://secunia.com/advisories/24859 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://secunia.com/advisories/25072 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://sourceforge.net/project/shownotes.php?group_id=93438&release_id=495106 | Patch | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.gentoo.org/security/en/glsa/glsa-200704-10.xml | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://www.mandriva.com/security/advisories?name=MDKSA-2007:069 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://www.novell.com/linux/security/advisories/2007_8_sr.html | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/archive/1/463710/100/0/threaded | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/bid/23070 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/bid/23138 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://www.ubuntu.com/usn/usn-438-1 | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.vupen.com/english/advisories/2007/1059 | ||
| af854a3a-2127-422b-91ae-364da2661108 | https://exchange.xforce.ibmcloud.com/vulnerabilities/33163 | ||
| af854a3a-2127-422b-91ae-364da2661108 | https://issues.rpath.com/browse/RPL-1170 |
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:ubuntu:ubuntu_linux:5.10:*:*:*:*:*:*:*",
"matchCriteriaId": "ADE3B4BE-7B43-47C7-823A-C019DF12498F",
"vulnerable": false
},
{
"criteria": "cpe:2.3:o:ubuntu:ubuntu_linux:6.06:*:*:*:*:*:*:*",
"matchCriteriaId": "AD9460AD-229A-4DC2-BFBA-818640A464AD",
"vulnerable": false
},
{
"criteria": "cpe:2.3:o:ubuntu:ubuntu_linux:6.06_lts:*:*:*:*:*:*:*",
"matchCriteriaId": "B8517E55-4357-4AFD-B571-5533123CB014",
"vulnerable": false
},
{
"criteria": "cpe:2.3:o:ubuntu:ubuntu_linux:6.10:*:i386:*:*:*:*:*",
"matchCriteriaId": "80FF1759-5F86-4046-ABA3-EB7B0038F656",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:inkscape:inkscape:0.40:*:*:*:*:*:*:*",
"matchCriteriaId": "6D218B9A-193B-4956-B710-8998FC60A6F3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:inkscape:inkscape:0.41:*:*:*:*:*:*:*",
"matchCriteriaId": "A061EEF7-FBD3-4BBD-BCAA-9F765567C606",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:inkscape:inkscape:0.42:*:*:*:*:*:*:*",
"matchCriteriaId": "57038D30-192C-4899-A705-E951E162B871",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:inkscape:inkscape:0.42.1:*:*:*:*:*:*:*",
"matchCriteriaId": "45441330-3BDD-4F8F-B128-0C431AB9A9C2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:inkscape:inkscape:0.42.2:*:*:*:*:*:*:*",
"matchCriteriaId": "4783CB07-5F32-4FF6-85D4-2F3FE21DD75B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:inkscape:inkscape:0.43:*:*:*:*:*:*:*",
"matchCriteriaId": "6EAE5DD1-E2DB-4905-83B2-348257A4E49C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:inkscape:inkscape:0.44:*:*:*:*:*:*:*",
"matchCriteriaId": "F6EBAFFC-12A6-42D2-9840-289BFD720F8A",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Format string vulnerability in Inkscape before 0.45.1 allows user-assisted remote attackers to execute arbitrary code via format string specifiers in a URI, which is not properly handled by certain dialogs."
},
{
"lang": "es",
"value": "Vulnerabilidad en el formato de cadena en el Inkscape anterior al 0.45.1 permite a atacantes con la intervenci\u00f3n del usuario ejecutar c\u00f3digo de su elecci\u00f3n mediante especificadores del formato de cadena en una URI,lo que no es manejado correctamente mediante ciertos di\u00e1logos."
}
],
"id": "CVE-2007-1463",
"lastModified": "2025-04-09T00:30:58.490",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": true,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
]
},
"published": "2007-03-21T19:19:00.000",
"references": [
{
"source": "security@ubuntu.com",
"url": "http://secunia.com/advisories/24584"
},
{
"source": "security@ubuntu.com",
"url": "http://secunia.com/advisories/24597"
},
{
"source": "security@ubuntu.com",
"url": "http://secunia.com/advisories/24615"
},
{
"source": "security@ubuntu.com",
"url": "http://secunia.com/advisories/24661"
},
{
"source": "security@ubuntu.com",
"url": "http://secunia.com/advisories/24859"
},
{
"source": "security@ubuntu.com",
"url": "http://secunia.com/advisories/25072"
},
{
"source": "security@ubuntu.com",
"tags": [
"Patch"
],
"url": "http://sourceforge.net/project/shownotes.php?group_id=93438\u0026release_id=495106"
},
{
"source": "security@ubuntu.com",
"url": "http://www.gentoo.org/security/en/glsa/glsa-200704-10.xml"
},
{
"source": "security@ubuntu.com",
"url": "http://www.mandriva.com/security/advisories?name=MDKSA-2007:069"
},
{
"source": "security@ubuntu.com",
"url": "http://www.novell.com/linux/security/advisories/2007_8_sr.html"
},
{
"source": "security@ubuntu.com",
"url": "http://www.securityfocus.com/archive/1/463710/100/0/threaded"
},
{
"source": "security@ubuntu.com",
"url": "http://www.securityfocus.com/bid/23070"
},
{
"source": "security@ubuntu.com",
"url": "http://www.securityfocus.com/bid/23138"
},
{
"source": "security@ubuntu.com",
"tags": [
"Vendor Advisory"
],
"url": "http://www.ubuntu.com/usn/usn-438-1"
},
{
"source": "security@ubuntu.com",
"url": "http://www.vupen.com/english/advisories/2007/1059"
},
{
"source": "security@ubuntu.com",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/33163"
},
{
"source": "security@ubuntu.com",
"url": "https://issues.rpath.com/browse/RPL-1170"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://secunia.com/advisories/24584"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://secunia.com/advisories/24597"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://secunia.com/advisories/24615"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://secunia.com/advisories/24661"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://secunia.com/advisories/24859"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://secunia.com/advisories/25072"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
],
"url": "http://sourceforge.net/project/shownotes.php?group_id=93438\u0026release_id=495106"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.gentoo.org/security/en/glsa/glsa-200704-10.xml"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.mandriva.com/security/advisories?name=MDKSA-2007:069"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.novell.com/linux/security/advisories/2007_8_sr.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/archive/1/463710/100/0/threaded"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/bid/23070"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/bid/23138"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://www.ubuntu.com/usn/usn-438-1"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.vupen.com/english/advisories/2007/1059"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/33163"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://issues.rpath.com/browse/RPL-1170"
}
],
"sourceIdentifier": "security@ubuntu.com",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-Other"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2007-1464
Vulnerability from fkie_nvd - Published: 2007-03-21 19:19 - Updated: 2025-04-09 00:30
Severity ?
Summary
Format string vulnerability in the whiteboard Jabber protocol in Inkscape before 0.45.1 allows user-assisted remote attackers to execute arbitrary code via unspecified vectors.
References
| URL | Tags | ||
|---|---|---|---|
| security@ubuntu.com | http://secunia.com/advisories/24615 | ||
| security@ubuntu.com | http://secunia.com/advisories/24661 | ||
| security@ubuntu.com | http://secunia.com/advisories/24859 | ||
| security@ubuntu.com | http://secunia.com/advisories/25072 | ||
| security@ubuntu.com | http://sourceforge.net/project/shownotes.php?group_id=93438&release_id=495106 | ||
| security@ubuntu.com | http://www.gentoo.org/security/en/glsa/glsa-200704-10.xml | ||
| security@ubuntu.com | http://www.novell.com/linux/security/advisories/2007_8_sr.html | ||
| security@ubuntu.com | http://www.securityfocus.com/archive/1/463710/100/0/threaded | ||
| security@ubuntu.com | http://www.securityfocus.com/bid/23138 | ||
| security@ubuntu.com | http://www.vupen.com/english/advisories/2007/1059 | ||
| security@ubuntu.com | https://exchange.xforce.ibmcloud.com/vulnerabilities/33164 | ||
| security@ubuntu.com | https://issues.rpath.com/browse/RPL-1170 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://secunia.com/advisories/24615 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://secunia.com/advisories/24661 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://secunia.com/advisories/24859 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://secunia.com/advisories/25072 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://sourceforge.net/project/shownotes.php?group_id=93438&release_id=495106 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://www.gentoo.org/security/en/glsa/glsa-200704-10.xml | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://www.novell.com/linux/security/advisories/2007_8_sr.html | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/archive/1/463710/100/0/threaded | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/bid/23138 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://www.vupen.com/english/advisories/2007/1059 | ||
| af854a3a-2127-422b-91ae-364da2661108 | https://exchange.xforce.ibmcloud.com/vulnerabilities/33164 | ||
| af854a3a-2127-422b-91ae-364da2661108 | https://issues.rpath.com/browse/RPL-1170 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:inkscape:inkscape:*:*:*:*:*:*:*:*",
"matchCriteriaId": "2599E96D-E6BB-4E92-A596-5A472C0A6D30",
"versionEndIncluding": "0.45",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Format string vulnerability in the whiteboard Jabber protocol in Inkscape before 0.45.1 allows user-assisted remote attackers to execute arbitrary code via unspecified vectors."
},
{
"lang": "es",
"value": "Vulnerabilidad de formato de cadena en el protocolo whiteboard Jabber del Inkscape anterior al 0.45.1 permite a atacantes con la intervenci\u00f3n del usuario ejecutar c\u00f3digo de su elecci\u00f3n mediante vectores sin especificar."
}
],
"id": "CVE-2007-1464",
"lastModified": "2025-04-09T00:30:58.490",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": true,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
]
},
"published": "2007-03-21T19:19:00.000",
"references": [
{
"source": "security@ubuntu.com",
"url": "http://secunia.com/advisories/24615"
},
{
"source": "security@ubuntu.com",
"url": "http://secunia.com/advisories/24661"
},
{
"source": "security@ubuntu.com",
"url": "http://secunia.com/advisories/24859"
},
{
"source": "security@ubuntu.com",
"url": "http://secunia.com/advisories/25072"
},
{
"source": "security@ubuntu.com",
"url": "http://sourceforge.net/project/shownotes.php?group_id=93438\u0026release_id=495106"
},
{
"source": "security@ubuntu.com",
"url": "http://www.gentoo.org/security/en/glsa/glsa-200704-10.xml"
},
{
"source": "security@ubuntu.com",
"url": "http://www.novell.com/linux/security/advisories/2007_8_sr.html"
},
{
"source": "security@ubuntu.com",
"url": "http://www.securityfocus.com/archive/1/463710/100/0/threaded"
},
{
"source": "security@ubuntu.com",
"url": "http://www.securityfocus.com/bid/23138"
},
{
"source": "security@ubuntu.com",
"url": "http://www.vupen.com/english/advisories/2007/1059"
},
{
"source": "security@ubuntu.com",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/33164"
},
{
"source": "security@ubuntu.com",
"url": "https://issues.rpath.com/browse/RPL-1170"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://secunia.com/advisories/24615"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://secunia.com/advisories/24661"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://secunia.com/advisories/24859"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://secunia.com/advisories/25072"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://sourceforge.net/project/shownotes.php?group_id=93438\u0026release_id=495106"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.gentoo.org/security/en/glsa/glsa-200704-10.xml"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.novell.com/linux/security/advisories/2007_8_sr.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/archive/1/463710/100/0/threaded"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/bid/23138"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.vupen.com/english/advisories/2007/1059"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/33164"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://issues.rpath.com/browse/RPL-1170"
}
],
"sourceIdentifier": "security@ubuntu.com",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-Other"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2005-3885
Vulnerability from fkie_nvd - Published: 2005-11-29 19:03 - Updated: 2025-04-03 01:03
Severity ?
Summary
The ps2epsi extension shell script (ps2epsi.sh) in Inkscape before 0.41 allows local users to overwrite arbitrary files via a symlink attack on the tmpepsifile.epsi temporary file.
References
| URL | Tags | ||
|---|---|---|---|
| security@debian.org | http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=321501 | ||
| security@debian.org | http://secunia.com/advisories/16343 | ||
| security@debian.org | http://secunia.com/advisories/17882 | ||
| security@debian.org | http://secunia.com/advisories/17886 | ||
| security@debian.org | http://www.debian.org/security/2005/dsa-916 | ||
| security@debian.org | http://www.securityfocus.com/bid/14522 | Patch | |
| security@debian.org | https://usn.ubuntu.com/223-1/ | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=321501 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://secunia.com/advisories/16343 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://secunia.com/advisories/17882 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://secunia.com/advisories/17886 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://www.debian.org/security/2005/dsa-916 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/bid/14522 | Patch | |
| af854a3a-2127-422b-91ae-364da2661108 | https://usn.ubuntu.com/223-1/ |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:inkscape:inkscape:0.41:*:*:*:*:*:*:*",
"matchCriteriaId": "A061EEF7-FBD3-4BBD-BCAA-9F765567C606",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The ps2epsi extension shell script (ps2epsi.sh) in Inkscape before 0.41 allows local users to overwrite arbitrary files via a symlink attack on the tmpepsifile.epsi temporary file."
}
],
"id": "CVE-2005-3885",
"lastModified": "2025-04-03T01:03:51.193",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "LOW",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 2.1,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:L/AC:L/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 3.9,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2005-11-29T19:03:00.000",
"references": [
{
"source": "security@debian.org",
"url": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=321501"
},
{
"source": "security@debian.org",
"url": "http://secunia.com/advisories/16343"
},
{
"source": "security@debian.org",
"url": "http://secunia.com/advisories/17882"
},
{
"source": "security@debian.org",
"url": "http://secunia.com/advisories/17886"
},
{
"source": "security@debian.org",
"url": "http://www.debian.org/security/2005/dsa-916"
},
{
"source": "security@debian.org",
"tags": [
"Patch"
],
"url": "http://www.securityfocus.com/bid/14522"
},
{
"source": "security@debian.org",
"url": "https://usn.ubuntu.com/223-1/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=321501"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://secunia.com/advisories/16343"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://secunia.com/advisories/17882"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://secunia.com/advisories/17886"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.debian.org/security/2005/dsa-916"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
],
"url": "http://www.securityfocus.com/bid/14522"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://usn.ubuntu.com/223-1/"
}
],
"sourceIdentifier": "security@debian.org",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-Other"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2005-3737
Vulnerability from fkie_nvd - Published: 2005-11-22 00:03 - Updated: 2025-04-03 01:03
Severity ?
Summary
Buffer overflow in the SVG importer (style.cpp) of inkscape 0.41 through 0.42.2 might allow remote attackers to execute arbitrary code via a SVG file with long CSS style property values.
References
| URL | Tags | ||
|---|---|---|---|
| cve@mitre.org | http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=330894 | ||
| cve@mitre.org | http://cvs.sourceforge.net/viewcvs.py/inkscape/inkscape/src/style.cpp?r1=1.110&r2=1.110.2.1 | ||
| cve@mitre.org | http://secunia.com/advisories/17651 | Vendor Advisory | |
| cve@mitre.org | http://secunia.com/advisories/17662 | Patch, Vendor Advisory | |
| cve@mitre.org | http://secunia.com/advisories/17778 | ||
| cve@mitre.org | http://secunia.com/advisories/17882 | ||
| cve@mitre.org | http://securityreason.com/securityalert/58 | ||
| cve@mitre.org | http://www.debian.org/security/2005/dsa-916 | ||
| cve@mitre.org | http://www.gentoo.org/security/en/glsa/glsa-200511-22.xml | ||
| cve@mitre.org | http://www.novell.com/linux/security/advisories/2005_28_sr.html | ||
| cve@mitre.org | http://www.securityfocus.com/bid/15507 | Exploit, Patch | |
| cve@mitre.org | http://www.ubuntulinux.org/usn/usn-217-1 | ||
| cve@mitre.org | http://www.vupen.com/english/advisories/2005/2511 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=330894 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://cvs.sourceforge.net/viewcvs.py/inkscape/inkscape/src/style.cpp?r1=1.110&r2=1.110.2.1 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://secunia.com/advisories/17651 | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://secunia.com/advisories/17662 | Patch, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://secunia.com/advisories/17778 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://secunia.com/advisories/17882 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://securityreason.com/securityalert/58 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://www.debian.org/security/2005/dsa-916 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://www.gentoo.org/security/en/glsa/glsa-200511-22.xml | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://www.novell.com/linux/security/advisories/2005_28_sr.html | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/bid/15507 | Exploit, Patch | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.ubuntulinux.org/usn/usn-217-1 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://www.vupen.com/english/advisories/2005/2511 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:inkscape:inkscape:0.41:*:*:*:*:*:*:*",
"matchCriteriaId": "A061EEF7-FBD3-4BBD-BCAA-9F765567C606",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:inkscape:inkscape:0.42:*:*:*:*:*:*:*",
"matchCriteriaId": "57038D30-192C-4899-A705-E951E162B871",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:inkscape:inkscape:0.42.1:*:*:*:*:*:*:*",
"matchCriteriaId": "45441330-3BDD-4F8F-B128-0C431AB9A9C2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:inkscape:inkscape:0.42.2:*:*:*:*:*:*:*",
"matchCriteriaId": "4783CB07-5F32-4FF6-85D4-2F3FE21DD75B",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Buffer overflow in the SVG importer (style.cpp) of inkscape 0.41 through 0.42.2 might allow remote attackers to execute arbitrary code via a SVG file with long CSS style property values."
},
{
"lang": "es",
"value": "Desbordamiento de b\u00fafer en el importador SVG (style.cpp) de inkscape 0.41 a 0.42.2 podr\u00eda permitir a atacantes remotos ejecutar c\u00f3digo de su elecci\u00f3n importando un fichero SVG malicioso con valores de hoja de estilos CSS largos."
}
],
"id": "CVE-2005-3737",
"lastModified": "2025-04-03T01:03:51.193",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "HIGH",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 5.1,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:H/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 4.9,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": true,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
]
},
"published": "2005-11-22T00:03:00.000",
"references": [
{
"source": "cve@mitre.org",
"url": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=330894"
},
{
"source": "cve@mitre.org",
"url": "http://cvs.sourceforge.net/viewcvs.py/inkscape/inkscape/src/style.cpp?r1=1.110\u0026r2=1.110.2.1"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/17651"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/17662"
},
{
"source": "cve@mitre.org",
"url": "http://secunia.com/advisories/17778"
},
{
"source": "cve@mitre.org",
"url": "http://secunia.com/advisories/17882"
},
{
"source": "cve@mitre.org",
"url": "http://securityreason.com/securityalert/58"
},
{
"source": "cve@mitre.org",
"url": "http://www.debian.org/security/2005/dsa-916"
},
{
"source": "cve@mitre.org",
"url": "http://www.gentoo.org/security/en/glsa/glsa-200511-22.xml"
},
{
"source": "cve@mitre.org",
"url": "http://www.novell.com/linux/security/advisories/2005_28_sr.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Patch"
],
"url": "http://www.securityfocus.com/bid/15507"
},
{
"source": "cve@mitre.org",
"url": "http://www.ubuntulinux.org/usn/usn-217-1"
},
{
"source": "cve@mitre.org",
"url": "http://www.vupen.com/english/advisories/2005/2511"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=330894"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://cvs.sourceforge.net/viewcvs.py/inkscape/inkscape/src/style.cpp?r1=1.110\u0026r2=1.110.2.1"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/17651"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/17662"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://secunia.com/advisories/17778"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://secunia.com/advisories/17882"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://securityreason.com/securityalert/58"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.debian.org/security/2005/dsa-916"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.gentoo.org/security/en/glsa/glsa-200511-22.xml"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.novell.com/linux/security/advisories/2005_28_sr.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Patch"
],
"url": "http://www.securityfocus.com/bid/15507"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.ubuntulinux.org/usn/usn-217-1"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.vupen.com/english/advisories/2005/2511"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-Other"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}