MidnightBSD

Advisories for inkscape

CVE-2005-3737 MEDIUM

Buffer overflow in the SVG importer (style.cpp) of inkscape 0.41 through 0.42.2 might allow remote attackers to execute arbitrary code via an SVG file with long CSS style property values.

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-Other

Products Affected

Vendor Product Version
inkscape inkscape 0.42.1
inkscape inkscape 0.41
inkscape inkscape 0.42
inkscape inkscape 0.42.2

CVE-2005-3885 LOW

The ps2epsi extension shell script (ps2epsi.sh) in Inkscape before 0.41 allows local users to overwrite arbitrary files via a symlink attack on the tmpepsifile.epsi temporary file.

CVSS 2.0

Severity: LOW

Problem Type: NVD-CWE-Other

Products Affected

Vendor Product Version
inkscape inkscape 0.41

CVE-2012-5656 LOW

The rasterization process in Inkscape before 0.48.4 allows local users to read arbitrary files via an external entity in an SVG file, aka an XML external entity (XXE) injection attack.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 5.5 MEDIUM CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N 1.8 3.6

CVSS 2.0

Severity: LOW

Problem Type: CWE-611

Products Affected

Vendor Product Version
opensuse opensuse 12.2
fedoraproject fedora 17
canonical ubuntu_linux 12.04
inkscape inkscape *
fedoraproject fedora 16
opensuse opensuse 12.1
opensuse opensuse 11.4
canonical ubuntu_linux 12.10
canonical ubuntu_linux 10.04
fedoraproject fedora 18
canonical ubuntu_linux 11.10

CVE-2012-6076 MEDIUM

Inkscape before 0.48.4 reads .eps files from /tmp instead of the current directory, which might cause Inkscape to process unintended files, allow local users to obtain sensitive information, and possibly have other unspecified impacts.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-264

Products Affected

Vendor Product Version
inkscape inkscape 0.48.1
inkscape inkscape *
inkscape inkscape 0.44
inkscape inkscape 0.40
inkscape inkscape 0.42.2
inkscape inkscape 0.48.2
inkscape inkscape 0.38.1
inkscape inkscape 0.48.3
inkscape inkscape 0.37
inkscape inkscape 0.41
inkscape inkscape 0.43
inkscape inkscape 0.39
inkscape inkscape 0.46
inkscape inkscape 0.47
inkscape inkscape 0.42
inkscape inkscape 0.45.1
inkscape inkscape 0.44.1
inkscape inkscape 0.48

CVE-2021-42700 LOW

Inkscape 0.91 is vulnerable to an out-of-bounds read, which may allow an attacker to have access to unauthorized information.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 3.3 LOW CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N 1.8 1.4
ics-cert@hq.dhs.gov 3.3 LOW CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N 1.8 1.4

CVSS 2.0

Severity: LOW

Problem Type: CWE-125

Products Affected

Vendor Product Version
inkscape inkscape 0.91

CVE-2021-42702 MEDIUM

Inkscape version 0.91 can access an uninitialized pointer, which may allow an attacker to have access to unauthorized information.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 3.3 LOW CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N 1.8 1.4
ics-cert@hq.dhs.gov 3.3 LOW CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N 1.8 1.4

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-824

Products Affected

Vendor Product Version
inkscape inkscape 0.91

CVE-2021-42704 MEDIUM

Inkscape version 0.91 is vulnerable to an out-of-bounds write, which may allow an attacker to execute arbitrary code.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
ics-cert@hq.dhs.gov 7.8 HIGH CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H 1.8 5.9
nvd@nist.gov 7.8 HIGH CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H 1.8 5.9

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-787

Products Affected

Vendor Product Version
inkscape inkscape 0.91