Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2005-3737

Overview

Vulnerability Score 5.1 5.1
CVE Id CVE-2005-3737
Last Modified 07 Mar 2011 09:27:03
Published 21 Nov 2005 07:03:00
Confidentiality Impact PARTIAL PARTIAL
Integrity Impact PARTIAL PARTIAL
Availability Impact PARTIAL PARTIAL
Access Vector NETWORK
Access Complexity HIGH
Authentication NONE

CVE-2005-3737

Summary

Buffer overflow in the SVG importer (style.cpp) of inkscape 0.41 through 0.42.2 might allow remote attackers to execute arbitrary code via a SVG file with long CSS style property values.

Vulnerable Systems

Application

  • Inkscape 0.41

  • Inkscape 0.42

  • Inkscape 0.42.1

  • Inkscape 0.42.2


References

BID - 15507

SECUNIA - 17662

VUPEN - ADV-2005-2511

UBUNTU - USN-217-1

SUSE - SUSE-SR:2005:028

GENTOO - GLSA-200511-22

DEBIAN - DSA-916

SECUNIA - 17882

SECUNIA - 17778

SECUNIA - 17651

CONFIRM - http://cvs.sourceforge.net/viewcvs.py/inkscape/inkscape/src/style.cpp?r1=1.110&r2=1.110.2.1

MISC - http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=330894

SREASON - 58


Last Updated: 27 May 2016 10:41:02