CVE-2012-5656

  1. OpenCVE
  2. Vulnerabilities (CVE)
  3. CVE-2012-5656
The rasterization process in Inkscape before 0.48.4 allows local users to read arbitrary files via an external entity in a SVG file, aka an XML external entity (XXE) injection attack.

2.1 /10

CVSS v2.0 : LOW

V2 Legend

Vector : AV:L/AC:L/Au:N/C:P/I:N/A:N

Exploitability : 3.9 / Impact : 2.9

Access Vector LOCAL

Access Complexity LOW

Authentication NONE

Confidentiality Impact PARTIAL

Integrity Impact NONE

Availability Impact NONE

References
Link Resource
https://bugs.launchpad.net/inkscape/+bug/1025185 Exploit
http://www.openwall.com/lists/oss-security/2012/12/20/3 Exploit
https://launchpad.net/inkscape/+milestone/0.48.4
http://lists.fedoraproject.org/pipermail/package-announce/2012-December/095024.html
http://lists.fedoraproject.org/pipermail/package-announce/2013-January/095380.html
http://lists.fedoraproject.org/pipermail/package-announce/2013-January/095398.html
http://www.securityfocus.com/bid/56965
http://bazaar.launchpad.net/~inkscape.dev/inkscape/trunk/revision/11931
http://www.ubuntu.com/usn/USN-1712-1
http://lists.opensuse.org/opensuse-updates/2013-02/msg00043.html
http://lists.opensuse.org/opensuse-updates/2013-02/msg00041.html
Configurations

Configuration 1 (hide)

OR cpe:2.3:a:inkscape:inkscape:0.48:*:*:*:*:*:*:*
cpe:2.3:a:inkscape:inkscape:0.48:pre1:*:*:*:*:*:*
cpe:2.3:a:inkscape:inkscape:0.46:*:*:*:*:*:*:*
cpe:2.3:a:inkscape:inkscape:0.45.1:*:*:*:*:*:*:*
cpe:2.3:a:inkscape:inkscape:0.40:*:*:*:*:*:*:*
cpe:2.3:a:inkscape:inkscape:0.39:*:*:*:*:*:*:*
cpe:2.3:a:inkscape:inkscape:0.48:pre0:*:*:*:*:*:*
cpe:2.3:a:inkscape:inkscape:0.47:*:*:*:*:*:*:*
cpe:2.3:a:inkscape:inkscape:0.47:pre4:*:*:*:*:*:*
cpe:2.3:a:inkscape:inkscape:0.44.1:*:*:*:*:*:*:*
cpe:2.3:a:inkscape:inkscape:0.44:*:*:*:*:*:*:*
cpe:2.3:a:inkscape:inkscape:0.38.1:*:*:*:*:*:*:*
cpe:2.3:a:inkscape:inkscape:0.37:*:*:*:*:*:*:*
cpe:2.3:a:inkscape:inkscape:0.48.2:*:*:*:*:*:*:*
cpe:2.3:a:inkscape:inkscape:0.48.1:*:*:*:*:*:*:*
cpe:2.3:a:inkscape:inkscape:0.47:pre1:*:*:*:*:*:*
cpe:2.3:a:inkscape:inkscape:0.47:pre0:*:*:*:*:*:*
cpe:2.3:a:inkscape:inkscape:0.42:*:*:*:*:*:*:*
cpe:2.3:a:inkscape:inkscape:0.41:*:*:*:*:*:*:*
cpe:2.3:a:inkscape:inkscape:0.48.3:*:*:*:*:*:*:*
cpe:2.3:a:inkscape:inkscape:0.47:pre3:*:*:*:*:*:*
cpe:2.3:a:inkscape:inkscape:0.47:pre2:*:*:*:*:*:*
cpe:2.3:a:inkscape:inkscape:0.43:*:*:*:*:*:*:*
cpe:2.3:a:inkscape:inkscape:0.42.2:*:*:*:*:*:*:*
cpe:2.3:a:inkscape:inkscape:*:*:*:*:*:*:*:*
Information

Published : 2013-01-18 11:48

Updated : 2013-03-23 03:14

NVD link : CVE-2012-5656

Mitre link : CVE-2012-5656

JSON object : View

Products Affected

inkscape

  • inkscape
CWE
CWE-264

Permissions, Privileges, and Access Controls