Lucene search

RedhatCVE-2012-5656

HistoryJan 18, 2013 - 11:48 a.m.

CVE-2012-5656

2013-01-1811:48:40

CWE-611

redhat

web.nvd.nist.gov

inkscape

rasterization

cve-2012-5656

xxe injection

svg

security vulnerability

nvd

CVSS2

2.1

Attack Vector

LOCAL

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:L/AC:L/Au:N/C:P/I:N/A:N

CVSS3

5.5

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

AI Score

5.3

Confidence

High

EPSS

0.001

Percentile

30.2%

JSON

The rasterization process in Inkscape before 0.48.4 allows local users to read arbitrary files via an external entity in a SVG file, aka an XML external entity (XXE) injection attack.

Affected configurations

Nvd

Node

inkscapeinkscapeRange<0.48.4

Node

fedoraprojectfedoraMatch16

fedoraprojectfedoraMatch17

fedoraprojectfedoraMatch18

Node

canonicalubuntu_linuxMatch10.04-

canonicalubuntu_linuxMatch11.10

canonicalubuntu_linuxMatch12.04-

canonicalubuntu_linuxMatch12.10

Node

opensuseopensuseMatch11.4

opensuseopensuseMatch12.1

opensuseopensuseMatch12.2

VendorProductVersionCPE
inkscapeinkscape*cpe:2.3:a:inkscape:inkscape:*:*:*:*:*:*:*:*
fedoraprojectfedora16cpe:2.3:o:fedoraproject:fedora:16:*:*:*:*:*:*:*
fedoraprojectfedora17cpe:2.3:o:fedoraproject:fedora:17:*:*:*:*:*:*:*
fedoraprojectfedora18cpe:2.3:o:fedoraproject:fedora:18:*:*:*:*:*:*:*
canonicalubuntu_linux10.04cpe:2.3:o:canonical:ubuntu_linux:10.04:*:*:*:-:*:*:*
canonicalubuntu_linux11.10cpe:2.3:o:canonical:ubuntu_linux:11.10:*:*:*:*:*:*:*
canonicalubuntu_linux12.04cpe:2.3:o:canonical:ubuntu_linux:12.04:*:*:*:-:*:*:*
canonicalubuntu_linux12.10cpe:2.3:o:canonical:ubuntu_linux:12.10:*:*:*:*:*:*:*
opensuseopensuse11.4cpe:2.3:o:opensuse:opensuse:11.4:*:*:*:*:*:*:*
opensuseopensuse12.1cpe:2.3:o:opensuse:opensuse:12.1:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
inkscape	inkscape	*	cpe:2.3:a:inkscape:inkscape::::::::
fedoraproject	fedora	16	cpe:2.3:o:fedoraproject:fedora:16:::::::*
fedoraproject	fedora	17	cpe:2.3:o:fedoraproject:fedora:17:::::::*
fedoraproject	fedora	18	cpe:2.3:o:fedoraproject:fedora:18:::::::*
canonical	ubuntu_linux	10.04	cpe:2.3:o:canonical:ubuntu_linux:10.04::::-:::
canonical	ubuntu_linux	11.10	cpe:2.3:o:canonical:ubuntu_linux:11.10:::::::*
canonical	ubuntu_linux	12.04	cpe:2.3:o:canonical:ubuntu_linux:12.04::::-:::
canonical	ubuntu_linux	12.10	cpe:2.3:o:canonical:ubuntu_linux:12.10:::::::*
opensuse	opensuse	11.4	cpe:2.3:o:opensuse:opensuse:11.4:::::::*
opensuse	opensuse	12.1	cpe:2.3:o:opensuse:opensuse:12.1:::::::*

Rows per page:

1-10 of 111

References

bazaar.launchpad.net/~inkscape.dev/inkscape/trunk/revision/11931

lists.fedoraproject.org/pipermail/package-announce/2012-December/095024.html

lists.fedoraproject.org/pipermail/package-announce/2013-January/095380.html

lists.fedoraproject.org/pipermail/package-announce/2013-January/095398.html

lists.opensuse.org/opensuse-updates/2013-02/msg00041.html

lists.opensuse.org/opensuse-updates/2013-02/msg00043.html

www.openwall.com/lists/oss-security/2012/12/20/3

www.securityfocus.com/bid/56965

www.ubuntu.com/usn/USN-1712-1

bugs.launchpad.net/inkscape/+bug/1025185

launchpad.net/inkscape/+milestone/0.48.4

CVSS2

2.1

Attack Vector

LOCAL

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:L/AC:L/Au:N/C:P/I:N/A:N

CVSS3

5.5

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

AI Score

5.3

Confidence

High

EPSS

0.001

Percentile

30.2%

JSON

Related for CVE-2012-5656