Lumension® Endpoint Intelligence Center

Overview

Vulnerability Score 2.1
CVE Id CVE-2012-5656
Last Modified 22 Mar 2013 11:14:25
Published 18 Jan 2013 06:48:40
Confidentiality Impact PARTIAL
Integrity Impact NONE
Availability Impact NONE
Access Vector LOCAL
Access Complexity LOW
Authentication NONE

CVE-2012-5656

Summary

The rasterization process in Inkscape before 0.48.4 allows local users to read arbitrary files via an external entity in an SVG file, aka an XML external entity (XXE) injection attack.

Vulnerable Systems

Application

  • Inkscape 0.37

  • Inkscape 0.38.1

  • Inkscape 0.39

  • Inkscape 0.40

  • Inkscape 0.41

  • Inkscape 0.42

  • Inkscape 0.42.2

  • Inkscape 0.43

  • Inkscape 0.44

  • Inkscape 0.44.1

  • Inkscape 0.45.1

  • Inkscape 0.46

  • Inkscape 0.47

  • Inkscape 0.48

  • Inkscape 0.48.1

  • Inkscape 0.48.2

  • Inkscape 0.48.3

  • Inkscape 0.48.3.1


References

CONFIRM - https://launchpad.net/inkscape/+milestone/0.48.4

CONFIRM - https://bugs.launchpad.net/inkscape/+bug/1025185

BID - 56965

MLIST - [oss-security] 20121219 Re: CVE request: Inkscape fixes a XXE vulnerability during rasterization of SVG images

FEDORA - FEDORA-2012-20621

FEDORA - FEDORA-2012-20620

FEDORA - FEDORA-2012-20643

CONFIRM - http://bazaar.launchpad.net/~inkscape.dev/inkscape/trunk/revision/11931

UBUNTU - USN-1712-1

SUSE - openSUSE-SU-2013:0297

SUSE - openSUSE-SU-2013:0294


Last Updated: 27 May 2016 11:01:42