Search criteria
11 vulnerabilities by Inkscape
CVE-2026-4980 (GCVE-0-2026-4980)
Vulnerability from cvelistv5 – Published: 2026-03-27 14:50 – Updated: 2026-04-06 19:48
VLAI
Title
Improper Restriction of XML External Entity Reference in Inkscape
Summary
A local file disclosure vulnerability in the XInclude processing component of Inkscape 1.1 before 1.3 allows a remote attacker to read local files via a crafted SVG file containing malicious xi:include tags.
Severity
6.3 (Medium)
SSVC
Exploitation: poc
Automatable: no
Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
- CWE-611 - Improper Restriction of XML External Entity Reference
Assigner
References
Credits
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-4980",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-03-27T15:12:52.453006Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-04-06T19:48:25.588Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Inkscape",
"vendor": "Inkscape",
"versions": [
{
"lessThan": "1.3",
"status": "affected",
"version": "1.1",
"versionType": "semver"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "VK (previously elttam) https://github.com/me0wday"
}
],
"descriptions": [
{
"lang": "en",
"value": "A local file disclosure vulnerability in the XInclude processing component of Inkscape 1.1 before 1.3 allows a remote attacker to read local files via a crafted SVG file containing malicious xi:include tags."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 6.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:N/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-611",
"description": "CWE-611: Improper Restriction of XML External Entity Reference",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-03-27T14:50:48.271Z",
"orgId": "ceab7361-8a18-47b1-92ba-4d7d25f6715a",
"shortName": "GitLab"
},
"references": [
{
"url": "https://gitlab.com/inkscape/inkscape/-/work_items/3557"
},
{
"url": "https://gitlab.com/inkscape/inkscape/-/merge_requests/5269"
}
],
"solutions": [
{
"lang": "en",
"value": "Upgrade to version 1.3 or above"
}
],
"title": "Improper Restriction of XML External Entity Reference in Inkscape"
}
},
"cveMetadata": {
"assignerOrgId": "ceab7361-8a18-47b1-92ba-4d7d25f6715a",
"assignerShortName": "GitLab",
"cveId": "CVE-2026-4980",
"datePublished": "2026-03-27T14:50:48.271Z",
"dateReserved": "2026-03-27T11:18:24.287Z",
"dateUpdated": "2026-04-06T19:48:25.588Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-15523 (GCVE-0-2025-15523)
Vulnerability from cvelistv5 – Published: 2026-01-22 14:45 – Updated: 2026-01-22 15:05 X_Open Source
VLAI
Title
TCC Bypass via Inherited Permissions in Bundled Interpreter in Inkscape.app
Summary
MacOS version of Inkscape bundles a Python interpreter that inherits the Transparency, Consent, and Control (TCC) permissions
granted by the user to the main application bundle. An attacker with local user access can
invoke this interpreter with arbitrary commands or scripts, leveraging the
application's previously granted TCC permissions to access user's files in privacy-protected folders without triggering user prompts. Accessing other resources beyond previously granted TCC permissions will prompt the user for approval in the name of Inkscape, potentially disguising attacker's malicious intent.
This issue has been fixed in 1.4.3 version of Inkscape.
Severity
SSVC
Exploitation: none
Automatable: no
Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
- CWE-276 - Incorrect Default Permissions
Assigner
References
2 references
| URL | Tags |
|---|---|
| https://inkscape.org/ | product |
| https://cert.pl/en/posts/2026/01/CVE-2025-15523/ | third-party-advisory |
Date Public
2026-01-22 13:00
Credits
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-15523",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-01-22T15:05:02.747583Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-01-22T15:05:37.135Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"platforms": [
"MacOS"
],
"product": "Inkscape",
"repo": "https://gitlab.com/inkscape/inkscape",
"vendor": "Inkscape",
"versions": [
{
"lessThan": "1.4.3",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Karol Mazurek and Hubert Decyusz (AFINE Team)"
}
],
"datePublic": "2026-01-22T13:00:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "MacOS version of Inkscape bundles a \u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003ePython\u003c/span\u003e interpreter that inherits the Transparency, Consent, and Control (TCC) permissions\ngranted by the user to the main application bundle. An attacker with local user access can\ninvoke this interpreter with arbitrary commands or scripts, leveraging the\napplication\u0027s previously granted TCC permissions to access user\u0027s files in privacy-protected folders without triggering user prompts. Accessing other resources beyond previously granted TCC permissions will prompt the user for approval in the name of Inkscape, potentially disguising attacker\u0027s malicious intent.\u003cbr\u003e\u003cbr\u003eThis issue has been fixed in 1.4.3 version of Inkscape.\u003cbr\u003e"
}
],
"value": "MacOS version of Inkscape bundles a Python interpreter that inherits the Transparency, Consent, and Control (TCC) permissions\ngranted by the user to the main application bundle. An attacker with local user access can\ninvoke this interpreter with arbitrary commands or scripts, leveraging the\napplication\u0027s previously granted TCC permissions to access user\u0027s files in privacy-protected folders without triggering user prompts. Accessing other resources beyond previously granted TCC permissions will prompt the user for approval in the name of Inkscape, potentially disguising attacker\u0027s malicious intent.\n\nThis issue has been fixed in 1.4.3 version of Inkscape."
}
],
"impacts": [
{
"capecId": "CAPEC-122",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-122 Privilege Abuse"
}
]
}
],
"metrics": [
{
"cvssV4_0": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "LOCAL",
"baseScore": 4.8,
"baseSeverity": "MEDIUM",
"privilegesRequired": "LOW",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "NONE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N",
"version": "4.0",
"vulnAvailabilityImpact": "NONE",
"vulnConfidentialityImpact": "LOW",
"vulnIntegrityImpact": "LOW",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-276",
"description": "CWE-276 Incorrect Default Permissions",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-01-22T14:45:26.404Z",
"orgId": "4bb8329e-dd38-46c1-aafb-9bf32bcb93c6",
"shortName": "CERT-PL"
},
"references": [
{
"tags": [
"product"
],
"url": "https://inkscape.org/"
},
{
"tags": [
"third-party-advisory"
],
"url": "https://cert.pl/en/posts/2026/01/CVE-2025-15523/"
}
],
"source": {
"discovery": "EXTERNAL"
},
"tags": [
"x_open-source"
],
"title": "TCC Bypass via Inherited Permissions in Bundled Interpreter in Inkscape.app",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "4bb8329e-dd38-46c1-aafb-9bf32bcb93c6",
"assignerShortName": "CERT-PL",
"cveId": "CVE-2025-15523",
"datePublished": "2026-01-22T14:45:26.404Z",
"dateReserved": "2026-01-14T17:14:05.617Z",
"dateUpdated": "2026-01-22T15:05:37.135Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2021-42704 (GCVE-0-2021-42704)
Vulnerability from cvelistv5 – Published: 2022-05-18 16:24 – Updated: 2025-04-16 16:19
VLAI
Title
Inkscape Out-of-bounds Write
Summary
Inkscape version 0.91 is vulnerable to an out-of-bounds write, which may allow an attacker to arbitrary execute code.
Severity
7.8 (High)
SSVC
Exploitation: poc
Automatable: no
Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
- CWE-787 - Out-of-bounds Write
Assigner
References
2 references
| URL | Tags |
|---|---|
| https://www.cisa.gov/uscert/ics/advisories/icsa-2… | x_refsource_CONFIRM |
| https://www.integraxor.com/scada-animation-graphi… | x_refsource_CONFIRM |
Date Public
2022-05-12 00:00
Credits
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T03:38:50.053Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://www.cisa.gov/uscert/ics/advisories/icsa-22-132-03"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://www.integraxor.com/scada-animation-graphic-editor-extension-inkscape/"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2021-42704",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-04-16T15:50:21.272220Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-04-16T16:19:49.455Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "Inkscape",
"vendor": "Inkscape",
"versions": [
{
"status": "affected",
"version": "0.91"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "Tran Van Khang \u2013 khangkito (VinCSS), working with Trend Micro\u2019s Zero Day Initiative, reported these vulnerabilities to CISA."
}
],
"datePublic": "2022-05-12T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Inkscape version 0.91 is vulnerable to an out-of-bounds write, which may allow an attacker to arbitrary execute code."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-787",
"description": "CWE-787 Out-of-bounds Write",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-06-01T13:59:19.000Z",
"orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"shortName": "icscert"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://www.cisa.gov/uscert/ics/advisories/icsa-22-132-03"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://www.integraxor.com/scada-animation-graphic-editor-extension-inkscape/"
}
],
"solutions": [
{
"lang": "en",
"value": "Inkscape has fixed these vulnerabilities and recommends users update to Version Inkscape 1.0 or later."
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Inkscape Out-of-bounds Write",
"x_generator": {
"engine": "Vulnogram 0.0.9"
},
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "ics-cert@hq.dhs.gov",
"DATE_PUBLIC": "2022-05-12T21:42:00.000Z",
"ID": "CVE-2021-42704",
"STATE": "PUBLIC",
"TITLE": "Inkscape Out-of-bounds Write"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Inkscape",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "0.91"
}
]
}
}
]
},
"vendor_name": "Inkscape"
}
]
}
},
"credit": [
{
"lang": "eng",
"value": "Tran Van Khang \u2013 khangkito (VinCSS), working with Trend Micro\u2019s Zero Day Initiative, reported these vulnerabilities to CISA."
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Inkscape version 0.91 is vulnerable to an out-of-bounds write, which may allow an attacker to arbitrary execute code."
}
]
},
"generator": {
"engine": "Vulnogram 0.0.9"
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-787 Out-of-bounds Write"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.cisa.gov/uscert/ics/advisories/icsa-22-132-03",
"refsource": "CONFIRM",
"url": "https://www.cisa.gov/uscert/ics/advisories/icsa-22-132-03"
},
{
"name": "https://www.integraxor.com/scada-animation-graphic-editor-extension-inkscape/",
"refsource": "CONFIRM",
"url": "https://www.integraxor.com/scada-animation-graphic-editor-extension-inkscape/"
}
]
},
"solution": [
{
"lang": "en",
"value": "Inkscape has fixed these vulnerabilities and recommends users update to Version Inkscape 1.0 or later."
}
],
"source": {
"discovery": "UNKNOWN"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"assignerShortName": "icscert",
"cveId": "CVE-2021-42704",
"datePublished": "2022-05-18T16:24:51.499Z",
"dateReserved": "2021-10-18T00:00:00.000Z",
"dateUpdated": "2025-04-16T16:19:49.455Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-42702 (GCVE-0-2021-42702)
Vulnerability from cvelistv5 – Published: 2022-05-18 16:24 – Updated: 2025-04-16 16:19
VLAI
Title
Inkscape Access of Uninitialized Pointer
Summary
Inkscape version 0.91 can access an uninitialized pointer, which may allow an attacker to have access to unauthorized information.
Severity
SSVC
Exploitation: poc
Automatable: no
Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
- CWE-824 - Access of Uninitialized Pointer
Assigner
References
2 references
| URL | Tags |
|---|---|
| https://www.cisa.gov/uscert/ics/advisories/icsa-2… | x_refsource_CONFIRM |
| https://www.integraxor.com/scada-animation-graphi… | x_refsource_CONFIRM |
Date Public
2022-05-12 00:00
Credits
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T03:38:50.116Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://www.cisa.gov/uscert/ics/advisories/icsa-22-132-03"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://www.integraxor.com/scada-animation-graphic-editor-extension-inkscape/"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2021-42702",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-04-16T15:50:02.387916Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-04-16T16:19:56.515Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "Inkscape",
"vendor": "Inkscape",
"versions": [
{
"status": "affected",
"version": "0.91"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "Tran Van Khang \u2013 khangkito (VinCSS), working with Trend Micro\u2019s Zero Day Initiative, reported these vulnerabilities to CISA."
}
],
"datePublic": "2022-05-12T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Inkscape version 0.91 can access an uninitialized pointer, which may allow an attacker to have access to unauthorized information."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 3.3,
"baseSeverity": "LOW",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-824",
"description": "CWE-824 Access of Uninitialized Pointer",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-06-01T13:58:43.000Z",
"orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"shortName": "icscert"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://www.cisa.gov/uscert/ics/advisories/icsa-22-132-03"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://www.integraxor.com/scada-animation-graphic-editor-extension-inkscape/"
}
],
"solutions": [
{
"lang": "en",
"value": "Inkscape has fixed these vulnerabilities and recommends users update to Version Inkscape 1.0 or later."
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Inkscape Access of Uninitialized Pointer",
"x_generator": {
"engine": "Vulnogram 0.0.9"
},
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "ics-cert@hq.dhs.gov",
"DATE_PUBLIC": "2022-05-12T21:42:00.000Z",
"ID": "CVE-2021-42702",
"STATE": "PUBLIC",
"TITLE": "Inkscape Access of Uninitialized Pointer"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Inkscape",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "0.91"
}
]
}
}
]
},
"vendor_name": "Inkscape"
}
]
}
},
"credit": [
{
"lang": "eng",
"value": "Tran Van Khang \u2013 khangkito (VinCSS), working with Trend Micro\u2019s Zero Day Initiative, reported these vulnerabilities to CISA."
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Inkscape version 0.91 can access an uninitialized pointer, which may allow an attacker to have access to unauthorized information."
}
]
},
"generator": {
"engine": "Vulnogram 0.0.9"
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 3.3,
"baseSeverity": "LOW",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-824 Access of Uninitialized Pointer"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.cisa.gov/uscert/ics/advisories/icsa-22-132-03",
"refsource": "CONFIRM",
"url": "https://www.cisa.gov/uscert/ics/advisories/icsa-22-132-03"
},
{
"name": "https://www.integraxor.com/scada-animation-graphic-editor-extension-inkscape/",
"refsource": "CONFIRM",
"url": "https://www.integraxor.com/scada-animation-graphic-editor-extension-inkscape/"
}
]
},
"solution": [
{
"lang": "en",
"value": "Inkscape has fixed these vulnerabilities and recommends users update to Version Inkscape 1.0 or later."
}
],
"source": {
"discovery": "UNKNOWN"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"assignerShortName": "icscert",
"cveId": "CVE-2021-42702",
"datePublished": "2022-05-18T16:24:13.808Z",
"dateReserved": "2021-10-18T00:00:00.000Z",
"dateUpdated": "2025-04-16T16:19:56.515Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-42700 (GCVE-0-2021-42700)
Vulnerability from cvelistv5 – Published: 2022-05-18 16:21 – Updated: 2025-04-16 16:20
VLAI
Title
Inkscape Out-of-bounds Read
Summary
Inkscape 0.91 is vulnerable to an out-of-bounds read, which may allow an attacker to have access to unauthorized information.
Severity
SSVC
Exploitation: poc
Automatable: no
Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
- CWE-125 - Out-of-bounds Read
Assigner
References
2 references
| URL | Tags |
|---|---|
| https://www.cisa.gov/uscert/ics/advisories/icsa-2… | x_refsource_CONFIRM |
| https://www.integraxor.com/scada-animation-graphi… | x_refsource_CONFIRM |
Date Public
2022-05-12 00:00
Credits
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T03:38:50.033Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://www.cisa.gov/uscert/ics/advisories/icsa-22-132-03"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://www.integraxor.com/scada-animation-graphic-editor-extension-inkscape/"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2021-42700",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-04-16T15:50:06.913324Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-04-16T16:20:04.931Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "Inkscape",
"vendor": "Inkscape",
"versions": [
{
"status": "affected",
"version": "0.91"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "Tran Van Khang \u2013 khangkito (VinCSS), working with Trend Micro\u2019s Zero Day Initiative, reported these vulnerabilities to CISA."
}
],
"datePublic": "2022-05-12T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Inkscape 0.91 is vulnerable to an out-of-bounds read, which may allow an attacker to have access to unauthorized information."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 3.3,
"baseSeverity": "LOW",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-125",
"description": "CWE-125 Out-of-bounds Read",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-06-01T13:58:04.000Z",
"orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"shortName": "icscert"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://www.cisa.gov/uscert/ics/advisories/icsa-22-132-03"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://www.integraxor.com/scada-animation-graphic-editor-extension-inkscape/"
}
],
"solutions": [
{
"lang": "en",
"value": "Inkscape has fixed these vulnerabilities and recommends users update to Version Inkscape 1.0 or later."
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Inkscape Out-of-bounds Read",
"x_generator": {
"engine": "Vulnogram 0.0.9"
},
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "ics-cert@hq.dhs.gov",
"DATE_PUBLIC": "2022-05-12T21:42:00.000Z",
"ID": "CVE-2021-42700",
"STATE": "PUBLIC",
"TITLE": "Inkscape Out-of-bounds Read"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Inkscape",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "0.91"
}
]
}
}
]
},
"vendor_name": "Inkscape"
}
]
}
},
"credit": [
{
"lang": "eng",
"value": "Tran Van Khang \u2013 khangkito (VinCSS), working with Trend Micro\u2019s Zero Day Initiative, reported these vulnerabilities to CISA."
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Inkscape 0.91 is vulnerable to an out-of-bounds read, which may allow an attacker to have access to unauthorized information."
}
]
},
"generator": {
"engine": "Vulnogram 0.0.9"
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 3.3,
"baseSeverity": "LOW",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-125 Out-of-bounds Read"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.cisa.gov/uscert/ics/advisories/icsa-22-132-03",
"refsource": "CONFIRM",
"url": "https://www.cisa.gov/uscert/ics/advisories/icsa-22-132-03"
},
{
"name": "https://www.integraxor.com/scada-animation-graphic-editor-extension-inkscape/",
"refsource": "CONFIRM",
"url": "https://www.integraxor.com/scada-animation-graphic-editor-extension-inkscape/"
}
]
},
"solution": [
{
"lang": "en",
"value": "Inkscape has fixed these vulnerabilities and recommends users update to Version Inkscape 1.0 or later."
}
],
"source": {
"discovery": "UNKNOWN"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"assignerShortName": "icscert",
"cveId": "CVE-2021-42700",
"datePublished": "2022-05-18T16:21:40.584Z",
"dateReserved": "2021-10-18T00:00:00.000Z",
"dateUpdated": "2025-04-16T16:20:04.931Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2012-6076 (GCVE-0-2012-6076)
Vulnerability from cvelistv5 – Published: 2013-03-12 21:00 – Updated: 2024-08-06 21:21
VLAI
Summary
Inkscape before 0.48.4 reads .eps files from /tmp instead of the current directory, which might cause Inkspace to process unintended files, allow local users to obtain sensitive information, and possibly have other unspecified impacts.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
6 references
| URL | Tags |
|---|---|
| http://www.openwall.com/lists/oss-security/2012/12/30/2 | mailing-listx_refsource_MLIST |
| http://www.ubuntu.com/usn/USN-1712-1 | vendor-advisoryx_refsource_UBUNTU |
| https://bugs.launchpad.net/inkscape/+bug/911146 | x_refsource_CONFIRM |
| http://lists.opensuse.org/opensuse-updates/2013-0… | vendor-advisoryx_refsource_SUSE |
| http://lists.opensuse.org/opensuse-updates/2013-0… | vendor-advisoryx_refsource_SUSE |
| http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=654341 | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T21:21:28.354Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "[oss-security] 20121229 Re: Inkscape reads .eps files from /tmp instead of the current directory",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2012/12/30/2"
},
{
"name": "USN-1712-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "http://www.ubuntu.com/usn/USN-1712-1"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://bugs.launchpad.net/inkscape/+bug/911146"
},
{
"name": "openSUSE-SU-2013:0294",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-updates/2013-02/msg00041.html"
},
{
"name": "openSUSE-SU-2013:0297",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-updates/2013-02/msg00043.html"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=654341"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Inkscape before 0.48.4 reads .eps files from /tmp instead of the current directory, which might cause Inkspace to process unintended files, allow local users to obtain sensitive information, and possibly have other unspecified impacts."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2013-03-12T21:00:00.000Z",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"name": "[oss-security] 20121229 Re: Inkscape reads .eps files from /tmp instead of the current directory",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2012/12/30/2"
},
{
"name": "USN-1712-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "http://www.ubuntu.com/usn/USN-1712-1"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://bugs.launchpad.net/inkscape/+bug/911146"
},
{
"name": "openSUSE-SU-2013:0294",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-updates/2013-02/msg00041.html"
},
{
"name": "openSUSE-SU-2013:0297",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-updates/2013-02/msg00043.html"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=654341"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2012-6076",
"datePublished": "2013-03-12T21:00:00.000Z",
"dateReserved": "2012-12-06T00:00:00.000Z",
"dateUpdated": "2024-08-06T21:21:28.354Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2012-5656 (GCVE-0-2012-5656)
Vulnerability from cvelistv5 – Published: 2013-01-18 11:00 – Updated: 2024-08-06 21:14
VLAI
Summary
The rasterization process in Inkscape before 0.48.4 allows local users to read arbitrary files via an external entity in a SVG file, aka an XML external entity (XXE) injection attack.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
11 references
| URL | Tags |
|---|---|
| http://www.openwall.com/lists/oss-security/2012/12/20/3 | mailing-listx_refsource_MLIST |
| http://lists.fedoraproject.org/pipermail/package-… | vendor-advisoryx_refsource_FEDORA |
| http://bazaar.launchpad.net/~inkscape.dev/inkscap… | x_refsource_CONFIRM |
| http://www.ubuntu.com/usn/USN-1712-1 | vendor-advisoryx_refsource_UBUNTU |
| https://launchpad.net/inkscape/+milestone/0.48.4 | x_refsource_CONFIRM |
| http://www.securityfocus.com/bid/56965 | vdb-entryx_refsource_BID |
| https://bugs.launchpad.net/inkscape/+bug/1025185 | x_refsource_CONFIRM |
| http://lists.fedoraproject.org/pipermail/package-… | vendor-advisoryx_refsource_FEDORA |
| http://lists.opensuse.org/opensuse-updates/2013-0… | vendor-advisoryx_refsource_SUSE |
| http://lists.opensuse.org/opensuse-updates/2013-0… | vendor-advisoryx_refsource_SUSE |
| http://lists.fedoraproject.org/pipermail/package-… | vendor-advisoryx_refsource_FEDORA |
Date Public
2012-12-17 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T21:14:16.440Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "[oss-security] 20121219 Re: CVE request: Inkscape fixes a XXE vulnerability during rasterization of SVG images",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2012/12/20/3"
},
{
"name": "FEDORA-2012-20620",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2013-January/095380.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://bazaar.launchpad.net/~inkscape.dev/inkscape/trunk/revision/11931"
},
{
"name": "USN-1712-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "http://www.ubuntu.com/usn/USN-1712-1"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://launchpad.net/inkscape/+milestone/0.48.4"
},
{
"name": "56965",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/56965"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://bugs.launchpad.net/inkscape/+bug/1025185"
},
{
"name": "FEDORA-2012-20621",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2013-January/095398.html"
},
{
"name": "openSUSE-SU-2013:0294",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-updates/2013-02/msg00041.html"
},
{
"name": "openSUSE-SU-2013:0297",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-updates/2013-02/msg00043.html"
},
{
"name": "FEDORA-2012-20643",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2012-December/095024.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2012-12-17T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "The rasterization process in Inkscape before 0.48.4 allows local users to read arbitrary files via an external entity in a SVG file, aka an XML external entity (XXE) injection attack."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2013-03-23T09:00:00.000Z",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"name": "[oss-security] 20121219 Re: CVE request: Inkscape fixes a XXE vulnerability during rasterization of SVG images",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2012/12/20/3"
},
{
"name": "FEDORA-2012-20620",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2013-January/095380.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://bazaar.launchpad.net/~inkscape.dev/inkscape/trunk/revision/11931"
},
{
"name": "USN-1712-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "http://www.ubuntu.com/usn/USN-1712-1"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://launchpad.net/inkscape/+milestone/0.48.4"
},
{
"name": "56965",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/56965"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://bugs.launchpad.net/inkscape/+bug/1025185"
},
{
"name": "FEDORA-2012-20621",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2013-January/095398.html"
},
{
"name": "openSUSE-SU-2013:0294",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-updates/2013-02/msg00041.html"
},
{
"name": "openSUSE-SU-2013:0297",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-updates/2013-02/msg00043.html"
},
{
"name": "FEDORA-2012-20643",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2012-December/095024.html"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2012-5656",
"datePublished": "2013-01-18T11:00:00.000Z",
"dateReserved": "2012-10-24T00:00:00.000Z",
"dateUpdated": "2024-08-06T21:14:16.440Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2007-1463 (GCVE-0-2007-1463)
Vulnerability from cvelistv5 – Published: 2007-03-21 19:00 – Updated: 2024-08-07 12:59
VLAI
Summary
Format string vulnerability in Inkscape before 0.45.1 allows user-assisted remote attackers to execute arbitrary code via format string specifiers in a URI, which is not properly handled by certain dialogs.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
17 references
Date Public
2007-03-20 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T12:59:08.098Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "inkscape-dialogs-format-string(33163)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/33163"
},
{
"name": "24859",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/24859"
},
{
"name": "24615",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/24615"
},
{
"name": "24597",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/24597"
},
{
"name": "24584",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/24584"
},
{
"name": "23138",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/23138"
},
{
"name": "GLSA-200704-10",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO",
"x_transferred"
],
"url": "http://www.gentoo.org/security/en/glsa/glsa-200704-10.xml"
},
{
"name": "24661",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/24661"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://issues.rpath.com/browse/RPL-1170"
},
{
"name": "ADV-2007-1059",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2007/1059"
},
{
"name": "SUSE-SR:2007:008",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://www.novell.com/linux/security/advisories/2007_8_sr.html"
},
{
"name": "USN-438-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "http://www.ubuntu.com/usn/usn-438-1"
},
{
"name": "MDKSA-2007:069",
"tags": [
"vendor-advisory",
"x_refsource_MANDRIVA",
"x_transferred"
],
"url": "http://www.mandriva.com/security/advisories?name=MDKSA-2007:069"
},
{
"name": "20070324 FLEA-2007-0002-1: inkscape",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/463710/100/0/threaded"
},
{
"name": "25072",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/25072"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://sourceforge.net/project/shownotes.php?group_id=93438\u0026release_id=495106"
},
{
"name": "23070",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/23070"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2007-03-20T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Format string vulnerability in Inkscape before 0.45.1 allows user-assisted remote attackers to execute arbitrary code via format string specifiers in a URI, which is not properly handled by certain dialogs."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-16T14:57:01.000Z",
"orgId": "cc1ad9ee-3454-478d-9317-d3e869d708bc",
"shortName": "canonical"
},
"references": [
{
"name": "inkscape-dialogs-format-string(33163)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/33163"
},
{
"name": "24859",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/24859"
},
{
"name": "24615",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/24615"
},
{
"name": "24597",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/24597"
},
{
"name": "24584",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/24584"
},
{
"name": "23138",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/23138"
},
{
"name": "GLSA-200704-10",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO"
],
"url": "http://www.gentoo.org/security/en/glsa/glsa-200704-10.xml"
},
{
"name": "24661",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/24661"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://issues.rpath.com/browse/RPL-1170"
},
{
"name": "ADV-2007-1059",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2007/1059"
},
{
"name": "SUSE-SR:2007:008",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://www.novell.com/linux/security/advisories/2007_8_sr.html"
},
{
"name": "USN-438-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "http://www.ubuntu.com/usn/usn-438-1"
},
{
"name": "MDKSA-2007:069",
"tags": [
"vendor-advisory",
"x_refsource_MANDRIVA"
],
"url": "http://www.mandriva.com/security/advisories?name=MDKSA-2007:069"
},
{
"name": "20070324 FLEA-2007-0002-1: inkscape",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/463710/100/0/threaded"
},
{
"name": "25072",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/25072"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://sourceforge.net/project/shownotes.php?group_id=93438\u0026release_id=495106"
},
{
"name": "23070",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/23070"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@ubuntu.com",
"ID": "CVE-2007-1463",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Format string vulnerability in Inkscape before 0.45.1 allows user-assisted remote attackers to execute arbitrary code via format string specifiers in a URI, which is not properly handled by certain dialogs."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "inkscape-dialogs-format-string(33163)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/33163"
},
{
"name": "24859",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/24859"
},
{
"name": "24615",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/24615"
},
{
"name": "24597",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/24597"
},
{
"name": "24584",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/24584"
},
{
"name": "23138",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/23138"
},
{
"name": "GLSA-200704-10",
"refsource": "GENTOO",
"url": "http://www.gentoo.org/security/en/glsa/glsa-200704-10.xml"
},
{
"name": "24661",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/24661"
},
{
"name": "https://issues.rpath.com/browse/RPL-1170",
"refsource": "CONFIRM",
"url": "https://issues.rpath.com/browse/RPL-1170"
},
{
"name": "ADV-2007-1059",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2007/1059"
},
{
"name": "SUSE-SR:2007:008",
"refsource": "SUSE",
"url": "http://www.novell.com/linux/security/advisories/2007_8_sr.html"
},
{
"name": "USN-438-1",
"refsource": "UBUNTU",
"url": "http://www.ubuntu.com/usn/usn-438-1"
},
{
"name": "MDKSA-2007:069",
"refsource": "MANDRIVA",
"url": "http://www.mandriva.com/security/advisories?name=MDKSA-2007:069"
},
{
"name": "20070324 FLEA-2007-0002-1: inkscape",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/463710/100/0/threaded"
},
{
"name": "25072",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/25072"
},
{
"name": "http://sourceforge.net/project/shownotes.php?group_id=93438\u0026release_id=495106",
"refsource": "CONFIRM",
"url": "http://sourceforge.net/project/shownotes.php?group_id=93438\u0026release_id=495106"
},
{
"name": "23070",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/23070"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "cc1ad9ee-3454-478d-9317-d3e869d708bc",
"assignerShortName": "canonical",
"cveId": "CVE-2007-1463",
"datePublished": "2007-03-21T19:00:00.000Z",
"dateReserved": "2007-03-15T00:00:00.000Z",
"dateUpdated": "2024-08-07T12:59:08.098Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2007-1464 (GCVE-0-2007-1464)
Vulnerability from cvelistv5 – Published: 2007-03-21 19:00 – Updated: 2024-08-07 12:59
VLAI
Summary
Format string vulnerability in the whiteboard Jabber protocol in Inkscape before 0.45.1 allows user-assisted remote attackers to execute arbitrary code via unspecified vectors.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
12 references
| URL | Tags |
|---|---|
| https://exchange.xforce.ibmcloud.com/vulnerabilit… | vdb-entryx_refsource_XF |
| http://secunia.com/advisories/24859 | third-party-advisoryx_refsource_SECUNIA |
| http://secunia.com/advisories/24615 | third-party-advisoryx_refsource_SECUNIA |
| http://www.securityfocus.com/bid/23138 | vdb-entryx_refsource_BID |
| http://www.gentoo.org/security/en/glsa/glsa-20070… | vendor-advisoryx_refsource_GENTOO |
| http://secunia.com/advisories/24661 | third-party-advisoryx_refsource_SECUNIA |
| https://issues.rpath.com/browse/RPL-1170 | x_refsource_CONFIRM |
| http://www.vupen.com/english/advisories/2007/1059 | vdb-entryx_refsource_VUPEN |
| http://www.novell.com/linux/security/advisories/2… | vendor-advisoryx_refsource_SUSE |
| http://www.securityfocus.com/archive/1/463710/100… | mailing-listx_refsource_BUGTRAQ |
| http://secunia.com/advisories/25072 | third-party-advisoryx_refsource_SECUNIA |
| http://sourceforge.net/project/shownotes.php?grou… | x_refsource_CONFIRM |
Date Public
2007-03-20 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T12:59:08.354Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "inkscape-jabber-format-string(33164)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/33164"
},
{
"name": "24859",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/24859"
},
{
"name": "24615",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/24615"
},
{
"name": "23138",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/23138"
},
{
"name": "GLSA-200704-10",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO",
"x_transferred"
],
"url": "http://www.gentoo.org/security/en/glsa/glsa-200704-10.xml"
},
{
"name": "24661",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/24661"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://issues.rpath.com/browse/RPL-1170"
},
{
"name": "ADV-2007-1059",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2007/1059"
},
{
"name": "SUSE-SR:2007:008",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://www.novell.com/linux/security/advisories/2007_8_sr.html"
},
{
"name": "20070324 FLEA-2007-0002-1: inkscape",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/463710/100/0/threaded"
},
{
"name": "25072",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/25072"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://sourceforge.net/project/shownotes.php?group_id=93438\u0026release_id=495106"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2007-03-20T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Format string vulnerability in the whiteboard Jabber protocol in Inkscape before 0.45.1 allows user-assisted remote attackers to execute arbitrary code via unspecified vectors."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-16T14:57:01.000Z",
"orgId": "cc1ad9ee-3454-478d-9317-d3e869d708bc",
"shortName": "canonical"
},
"references": [
{
"name": "inkscape-jabber-format-string(33164)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/33164"
},
{
"name": "24859",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/24859"
},
{
"name": "24615",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/24615"
},
{
"name": "23138",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/23138"
},
{
"name": "GLSA-200704-10",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO"
],
"url": "http://www.gentoo.org/security/en/glsa/glsa-200704-10.xml"
},
{
"name": "24661",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/24661"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://issues.rpath.com/browse/RPL-1170"
},
{
"name": "ADV-2007-1059",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2007/1059"
},
{
"name": "SUSE-SR:2007:008",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://www.novell.com/linux/security/advisories/2007_8_sr.html"
},
{
"name": "20070324 FLEA-2007-0002-1: inkscape",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/463710/100/0/threaded"
},
{
"name": "25072",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/25072"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://sourceforge.net/project/shownotes.php?group_id=93438\u0026release_id=495106"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@ubuntu.com",
"ID": "CVE-2007-1464",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Format string vulnerability in the whiteboard Jabber protocol in Inkscape before 0.45.1 allows user-assisted remote attackers to execute arbitrary code via unspecified vectors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "inkscape-jabber-format-string(33164)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/33164"
},
{
"name": "24859",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/24859"
},
{
"name": "24615",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/24615"
},
{
"name": "23138",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/23138"
},
{
"name": "GLSA-200704-10",
"refsource": "GENTOO",
"url": "http://www.gentoo.org/security/en/glsa/glsa-200704-10.xml"
},
{
"name": "24661",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/24661"
},
{
"name": "https://issues.rpath.com/browse/RPL-1170",
"refsource": "CONFIRM",
"url": "https://issues.rpath.com/browse/RPL-1170"
},
{
"name": "ADV-2007-1059",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2007/1059"
},
{
"name": "SUSE-SR:2007:008",
"refsource": "SUSE",
"url": "http://www.novell.com/linux/security/advisories/2007_8_sr.html"
},
{
"name": "20070324 FLEA-2007-0002-1: inkscape",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/463710/100/0/threaded"
},
{
"name": "25072",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/25072"
},
{
"name": "http://sourceforge.net/project/shownotes.php?group_id=93438\u0026release_id=495106",
"refsource": "CONFIRM",
"url": "http://sourceforge.net/project/shownotes.php?group_id=93438\u0026release_id=495106"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "cc1ad9ee-3454-478d-9317-d3e869d708bc",
"assignerShortName": "canonical",
"cveId": "CVE-2007-1464",
"datePublished": "2007-03-21T19:00:00.000Z",
"dateReserved": "2007-03-15T00:00:00.000Z",
"dateUpdated": "2024-08-07T12:59:08.354Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2005-3885 (GCVE-0-2005-3885)
Vulnerability from cvelistv5 – Published: 2005-11-29 19:00 – Updated: 2024-08-07 23:24
VLAI
Summary
The ps2epsi extension shell script (ps2epsi.sh) in Inkscape before 0.41 allows local users to overwrite arbitrary files via a symlink attack on the tmpepsifile.epsi temporary file.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
7 references
| URL | Tags |
|---|---|
| http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=321501 | x_refsource_CONFIRM |
| http://secunia.com/advisories/17882 | third-party-advisoryx_refsource_SECUNIA |
| http://secunia.com/advisories/16343 | third-party-advisoryx_refsource_SECUNIA |
| https://usn.ubuntu.com/223-1/ | vendor-advisoryx_refsource_UBUNTU |
| http://secunia.com/advisories/17886 | third-party-advisoryx_refsource_SECUNIA |
| http://www.debian.org/security/2005/dsa-916 | vendor-advisoryx_refsource_DEBIAN |
| http://www.securityfocus.com/bid/14522 | vdb-entryx_refsource_BID |
Date Public
2005-08-09 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T23:24:36.519Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=321501"
},
{
"name": "17882",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/17882"
},
{
"name": "16343",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/16343"
},
{
"name": "USN-223-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "https://usn.ubuntu.com/223-1/"
},
{
"name": "17886",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/17886"
},
{
"name": "DSA-916",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "http://www.debian.org/security/2005/dsa-916"
},
{
"name": "14522",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/14522"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2005-08-09T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "The ps2epsi extension shell script (ps2epsi.sh) in Inkscape before 0.41 allows local users to overwrite arbitrary files via a symlink attack on the tmpepsifile.epsi temporary file."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-03T20:57:01.000Z",
"orgId": "79363d38-fa19-49d1-9214-5f28da3f3ac5",
"shortName": "debian"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=321501"
},
{
"name": "17882",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/17882"
},
{
"name": "16343",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/16343"
},
{
"name": "USN-223-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "https://usn.ubuntu.com/223-1/"
},
{
"name": "17886",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/17886"
},
{
"name": "DSA-916",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "http://www.debian.org/security/2005/dsa-916"
},
{
"name": "14522",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/14522"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@debian.org",
"ID": "CVE-2005-3885",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The ps2epsi extension shell script (ps2epsi.sh) in Inkscape before 0.41 allows local users to overwrite arbitrary files via a symlink attack on the tmpepsifile.epsi temporary file."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=321501",
"refsource": "CONFIRM",
"url": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=321501"
},
{
"name": "17882",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/17882"
},
{
"name": "16343",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/16343"
},
{
"name": "USN-223-1",
"refsource": "UBUNTU",
"url": "https://usn.ubuntu.com/223-1/"
},
{
"name": "17886",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/17886"
},
{
"name": "DSA-916",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2005/dsa-916"
},
{
"name": "14522",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/14522"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "79363d38-fa19-49d1-9214-5f28da3f3ac5",
"assignerShortName": "debian",
"cveId": "CVE-2005-3885",
"datePublished": "2005-11-29T19:00:00.000Z",
"dateReserved": "2005-11-29T00:00:00.000Z",
"dateUpdated": "2024-08-07T23:24:36.519Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2005-3737 (GCVE-0-2005-3737)
Vulnerability from cvelistv5 – Published: 2005-11-22 00:00 – Updated: 2024-08-07 23:24
VLAI
Summary
Buffer overflow in the SVG importer (style.cpp) of inkscape 0.41 through 0.42.2 might allow remote attackers to execute arbitrary code via a SVG file with long CSS style property values.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
13 references
Date Public
2005-11-19 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T23:24:36.448Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "GLSA-200511-22",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO",
"x_transferred"
],
"url": "http://www.gentoo.org/security/en/glsa/glsa-200511-22.xml"
},
{
"name": "SUSE-SR:2005:028",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://www.novell.com/linux/security/advisories/2005_28_sr.html"
},
{
"name": "17778",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/17778"
},
{
"name": "17651",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/17651"
},
{
"name": "USN-217-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "http://www.ubuntulinux.org/usn/usn-217-1"
},
{
"name": "15507",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/15507"
},
{
"name": "17882",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/17882"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://cvs.sourceforge.net/viewcvs.py/inkscape/inkscape/src/style.cpp?r1=1.110\u0026r2=1.110.2.1"
},
{
"name": "ADV-2005-2511",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2005/2511"
},
{
"name": "DSA-916",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "http://www.debian.org/security/2005/dsa-916"
},
{
"name": "58",
"tags": [
"third-party-advisory",
"x_refsource_SREASON",
"x_transferred"
],
"url": "http://securityreason.com/securityalert/58"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=330894"
},
{
"name": "17662",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/17662"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2005-11-19T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Buffer overflow in the SVG importer (style.cpp) of inkscape 0.41 through 0.42.2 might allow remote attackers to execute arbitrary code via a SVG file with long CSS style property values."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2005-11-30T10:00:00.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "GLSA-200511-22",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO"
],
"url": "http://www.gentoo.org/security/en/glsa/glsa-200511-22.xml"
},
{
"name": "SUSE-SR:2005:028",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://www.novell.com/linux/security/advisories/2005_28_sr.html"
},
{
"name": "17778",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/17778"
},
{
"name": "17651",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/17651"
},
{
"name": "USN-217-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "http://www.ubuntulinux.org/usn/usn-217-1"
},
{
"name": "15507",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/15507"
},
{
"name": "17882",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/17882"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://cvs.sourceforge.net/viewcvs.py/inkscape/inkscape/src/style.cpp?r1=1.110\u0026r2=1.110.2.1"
},
{
"name": "ADV-2005-2511",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2005/2511"
},
{
"name": "DSA-916",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "http://www.debian.org/security/2005/dsa-916"
},
{
"name": "58",
"tags": [
"third-party-advisory",
"x_refsource_SREASON"
],
"url": "http://securityreason.com/securityalert/58"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=330894"
},
{
"name": "17662",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/17662"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2005-3737",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Buffer overflow in the SVG importer (style.cpp) of inkscape 0.41 through 0.42.2 might allow remote attackers to execute arbitrary code via a SVG file with long CSS style property values."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "GLSA-200511-22",
"refsource": "GENTOO",
"url": "http://www.gentoo.org/security/en/glsa/glsa-200511-22.xml"
},
{
"name": "SUSE-SR:2005:028",
"refsource": "SUSE",
"url": "http://www.novell.com/linux/security/advisories/2005_28_sr.html"
},
{
"name": "17778",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/17778"
},
{
"name": "17651",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/17651"
},
{
"name": "USN-217-1",
"refsource": "UBUNTU",
"url": "http://www.ubuntulinux.org/usn/usn-217-1"
},
{
"name": "15507",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/15507"
},
{
"name": "17882",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/17882"
},
{
"name": "http://cvs.sourceforge.net/viewcvs.py/inkscape/inkscape/src/style.cpp?r1=1.110\u0026r2=1.110.2.1",
"refsource": "CONFIRM",
"url": "http://cvs.sourceforge.net/viewcvs.py/inkscape/inkscape/src/style.cpp?r1=1.110\u0026r2=1.110.2.1"
},
{
"name": "ADV-2005-2511",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2005/2511"
},
{
"name": "DSA-916",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2005/dsa-916"
},
{
"name": "58",
"refsource": "SREASON",
"url": "http://securityreason.com/securityalert/58"
},
{
"name": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=330894",
"refsource": "MISC",
"url": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=330894"
},
{
"name": "17662",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/17662"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2005-3737",
"datePublished": "2005-11-22T00:00:00.000Z",
"dateReserved": "2005-11-21T00:00:00.000Z",
"dateUpdated": "2024-08-07T23:24:36.448Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}