ID: KLA10220
Type: kaspersky
Reporter: Kaspersky Lab
Modified: 2020-05-22T00:00:00
Description
Detect date:
03/12/2013
Severity:
Warning
Description:
Inkscape was found to read files from the wrong directory. By exploiting this vulnerability, malicious users can obtain sensitive information or possibly conduct other attacks. This vulnerability can be exploited locally via file operations.
{"id": "KLA10220", "bulletinFamily": "info", "title": "\r KLA10220OSI vulnerability in Inkscape ", "description": "### *Detect date*:\n03/12/2013\n\n### *Severity*:\nWarning\n\n### *Description*:\nA wrong directory reading was found in Inkscape. By exploiting this vulnerability malicious users can obtain sensitive information or possibly conduct other attacks. This vulnerability can be exploited locally via file operations.\n\n### *Affected products*:\nInkskape versions 0.48.3.1 and earlier\n\n### *Solution*:\nUpdate to latest version\n\n### *Impacts*:\nOSI \n\n### *Related products*:\n[Inkscape](<https://threats.kaspersky.com/en/product/Inkscape/>)\n\n### *CVE-IDS*:\n[CVE-2012-6076](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-6076>)4.4Warning", "published": "2013-03-12T00:00:00", "modified": "2020-05-22T00:00:00", "cvss": {"score": 4.4, "vector": "AV:L/AC:M/Au:N/C:P/I:P/A:P"}, "href": "https://threats.kaspersky.com/en/vulnerability/KLA10220", "reporter": "Kaspersky Lab", "references": [], "cvelist": ["CVE-2012-6076"], "type": "kaspersky", "lastseen": "2020-09-02T11:41:32", "edition": 41, "viewCount": 3, "enchantments": {"dependencies": {"references": [{"type": "cve", "idList": ["CVE-2012-6076"]}, {"type": "nessus", "idList": ["OPENSUSE-2013-118.NASL", "SUSE_11_INKSCAPE-130220.NASL", "UBUNTU_USN-1712-1.NASL"]}, {"type": "openvas", "idList": ["OPENVAS:841294", "OPENVAS:1361412562310841294"]}, {"type": "ubuntu", "idList": ["USN-1712-1"]}], "modified": "2020-09-02T11:41:32", "rev": 2}, "score": {"value": 4.7, "vector": "NONE", "modified": "2020-09-02T11:41:32", "rev": 2}, "vulnersScore": 4.7}, "scheme": null}
{"cve": [{"lastseen": "2021-02-02T05:59:57", "description": "Inkscape before 0.48.4 reads .eps files from /tmp instead of the current directory, which might cause Inkspace to process unintended files, allow local users to obtain sensitive information, and possibly have other unspecified impacts.", "edition": 6, "cvss3": {}, "published": "2013-03-12T22:55:00", "title": "CVE-2012-6076", "type": "cve", "cwe": ["CWE-264"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 3.4, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 4.4, "vectorString": "AV:L/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2012-6076"], "modified": "2013-03-18T04:00:00", "cpe": ["cpe:/a:inkscape:inkscape:0.42.2", "cpe:/a:inkscape:inkscape:0.46", "cpe:/a:inkscape:inkscape:0.48.2", "cpe:/a:inkscape:inkscape:0.39", "cpe:/a:inkscape:inkscape:0.47", "cpe:/a:inkscape:inkscape:0.42", "cpe:/a:inkscape:inkscape:0.38.1", "cpe:/a:inkscape:inkscape:0.48.3.1", "cpe:/a:inkscape:inkscape:0.48", "cpe:/a:inkscape:inkscape:0.37", "cpe:/a:inkscape:inkscape:0.40", "cpe:/a:inkscape:inkscape:0.48.3", "cpe:/a:inkscape:inkscape:0.44", "cpe:/a:inkscape:inkscape:0.41", "cpe:/a:inkscape:inkscape:0.44.1", "cpe:/a:inkscape:inkscape:0.48.1", "cpe:/a:inkscape:inkscape:0.45.1", "cpe:/a:inkscape:inkscape:0.43"], "id": "CVE-2012-6076", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2012-6076", "cvss": {"score": 4.4, "vector": "AV:L/AC:M/Au:N/C:P/I:P/A:P"}, "cpe23": ["cpe:2.3:a:inkscape:inkscape:0.48:pre0:*:*:*:*:*:*", "cpe:2.3:a:inkscape:inkscape:0.48:*:*:*:*:*:*:*", "cpe:2.3:a:inkscape:inkscape:0.45.1:*:*:*:*:*:*:*", "cpe:2.3:a:inkscape:inkscape:0.48.1:*:*:*:*:*:*:*", 
"cpe:2.3:a:inkscape:inkscape:0.47:pre4:*:*:*:*:*:*", "cpe:2.3:a:inkscape:inkscape:0.46:*:*:*:*:*:*:*", "cpe:2.3:a:inkscape:inkscape:0.37:*:*:*:*:*:*:*", "cpe:2.3:a:inkscape:inkscape:0.41:*:*:*:*:*:*:*", "cpe:2.3:a:inkscape:inkscape:0.38.1:*:*:*:*:*:*:*", "cpe:2.3:a:inkscape:inkscape:0.40:*:*:*:*:*:*:*", "cpe:2.3:a:inkscape:inkscape:0.44:*:*:*:*:*:*:*", "cpe:2.3:a:inkscape:inkscape:0.47:pre2:*:*:*:*:*:*", "cpe:2.3:a:inkscape:inkscape:0.42:*:*:*:*:*:*:*", "cpe:2.3:a:inkscape:inkscape:0.47:pre0:*:*:*:*:*:*", "cpe:2.3:a:inkscape:inkscape:0.43:*:*:*:*:*:*:*", "cpe:2.3:a:inkscape:inkscape:0.48.3.1:*:*:*:*:*:*:*", "cpe:2.3:a:inkscape:inkscape:0.47:*:*:*:*:*:*:*", "cpe:2.3:a:inkscape:inkscape:0.48:pre1:*:*:*:*:*:*", "cpe:2.3:a:inkscape:inkscape:0.44.1:*:*:*:*:*:*:*", "cpe:2.3:a:inkscape:inkscape:0.48.2:*:*:*:*:*:*:*", "cpe:2.3:a:inkscape:inkscape:0.39:*:*:*:*:*:*:*", "cpe:2.3:a:inkscape:inkscape:0.47:pre3:*:*:*:*:*:*", "cpe:2.3:a:inkscape:inkscape:0.42.2:*:*:*:*:*:*:*", "cpe:2.3:a:inkscape:inkscape:0.47:pre1:*:*:*:*:*:*", "cpe:2.3:a:inkscape:inkscape:0.48.3:*:*:*:*:*:*:*"]}], "ubuntu": [{"lastseen": "2020-07-02T11:37:06", "bulletinFamily": "unix", "cvelist": ["CVE-2012-5656", "CVE-2012-6076"], "description": "It was discoverd that Inkscape incorrectly handled XML external entities in \nSVG files. If a user were tricked into opening a specially-crafted SVG \nfile, Inkscape could possibly include external files in drawings, resulting \nin information disclosure. (CVE-2012-5656)\n\nIt was discovered that Inkscape attempted to open certain files from the \n/tmp directory instead of the current directory. A local attacker could \ntrick a user into opening a different file than the one that was intended. \nThis issue only applied to Ubuntu 11.10, Ubuntu 12.04 LTS and Ubuntu 12.10. 
\n(CVE-2012-6076)", "edition": 5, "modified": "2013-01-30T00:00:00", "published": "2013-01-30T00:00:00", "id": "USN-1712-1", "href": "https://ubuntu.com/security/notices/USN-1712-1", "title": "Inkscape vulnerabilities", "type": "ubuntu", "cvss": {"score": 4.4, "vector": "AV:L/AC:M/Au:N/C:P/I:P/A:P"}}], "openvas": [{"lastseen": "2017-12-04T11:22:23", "bulletinFamily": "scanner", "cvelist": ["CVE-2012-5656", "CVE-2012-6076"], "description": "Check for the Version of inkscape", "modified": "2017-12-01T00:00:00", "published": "2013-01-31T00:00:00", "id": "OPENVAS:841294", "href": "http://plugins.openvas.org/nasl.php?oid=841294", "type": "openvas", "title": "Ubuntu Update for inkscape USN-1712-1", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_ubuntu_USN_1712_1.nasl 7958 2017-12-01 06:47:47Z santu $\n#\n# Ubuntu Update for inkscape USN-1712-1\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2013 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"It was discoverd that Inkscape incorrectly handled XML external entities in\n SVG files. 
If a user were tricked into opening a specially-crafted SVG\n file, Inkscape could possibly include external files in drawings, resulting\n in information disclosure. (CVE-2012-5656)\n\n It was discovered that Inkscape attempted to open certain files from the\n /tmp directory instead of the current directory. A local attacker could\n trick a user into opening a different file than the one that was intended.\n This issue only applied to Ubuntu 11.10, Ubuntu 12.04 LTS and Ubuntu 12.10.\n (CVE-2012-6076)\";\n\n\ntag_affected = \"inkscape on Ubuntu 12.10 ,\n Ubuntu 12.04 LTS ,\n Ubuntu 11.10 ,\n Ubuntu 10.04 LTS\";\ntag_solution = \"Please Install the Updated Packages.\";\n\n\n\nif(description)\n{\n script_xref(name: \"URL\" , value: \"http://www.ubuntu.com/usn/usn-1712-1/\");\n script_id(841294);\n script_version(\"$Revision: 7958 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-12-01 07:47:47 +0100 (Fri, 01 Dec 2017) $\");\n script_tag(name:\"creation_date\", value:\"2013-01-31 09:26:22 +0530 (Thu, 31 Jan 2013)\");\n script_cve_id(\"CVE-2012-5656\", \"CVE-2012-6076\");\n script_tag(name:\"cvss_base\", value:\"4.4\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:L/AC:M/Au:N/C:P/I:P/A:P\");\n script_xref(name: \"USN\", value: \"1712-1\");\n script_name(\"Ubuntu Update for inkscape USN-1712-1\");\n\n script_summary(\"Check for the Version of inkscape\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2013 Greenbone Networks GmbH\");\n script_family(\"Ubuntu Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/ubuntu_linux\", \"ssh/login/packages\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n 
exit(0);\n}\n\n\ninclude(\"pkg-lib-deb.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"UBUNTU12.04 LTS\")\n{\n\n if ((res = isdpkgvuln(pkg:\"inkscape\", ver:\"0.48.3.1-1ubuntu1.1\", rls:\"UBUNTU12.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n\n\nif(release == \"UBUNTU11.10\")\n{\n\n if ((res = isdpkgvuln(pkg:\"inkscape\", ver:\"0.48.2-0ubuntu1.1\", rls:\"UBUNTU11.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n\n\nif(release == \"UBUNTU10.04 LTS\")\n{\n\n if ((res = isdpkgvuln(pkg:\"inkscape\", ver:\"0.47.0-2ubuntu2.1\", rls:\"UBUNTU10.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n\n\nif(release == \"UBUNTU12.10\")\n{\n\n if ((res = isdpkgvuln(pkg:\"inkscape\", ver:\"0.48.3.1-1ubuntu6.1\", rls:\"UBUNTU12.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 4.4, "vector": "AV:LOCAL/AC:MEDIUM/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2019-05-29T18:37:57", "bulletinFamily": "scanner", "cvelist": ["CVE-2012-5656", "CVE-2012-6076"], "description": "The remote host is missing an update for the ", "modified": "2019-03-13T00:00:00", "published": "2013-01-31T00:00:00", "id": "OPENVAS:1361412562310841294", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310841294", "type": "openvas", "title": "Ubuntu Update for inkscape USN-1712-1", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_ubuntu_USN_1712_1.nasl 14132 2019-03-13 09:25:59Z cfischer $\n#\n# Ubuntu Update for inkscape USN-1712-1\n#\n# Authors:\n# System Generated Check\n#\n# 
Copyright:\n# Copyright (c) 2013 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_xref(name:\"URL\", value:\"http://www.ubuntu.com/usn/usn-1712-1/\");\n script_oid(\"1.3.6.1.4.1.25623.1.0.841294\");\n script_version(\"$Revision: 14132 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-13 10:25:59 +0100 (Wed, 13 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2013-01-31 09:26:22 +0530 (Thu, 31 Jan 2013)\");\n script_cve_id(\"CVE-2012-5656\", \"CVE-2012-6076\");\n script_tag(name:\"cvss_base\", value:\"4.4\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:L/AC:M/Au:N/C:P/I:P/A:P\");\n script_xref(name:\"USN\", value:\"1712-1\");\n script_name(\"Ubuntu Update for inkscape USN-1712-1\");\n\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'inkscape'\n package(s) announced via the referenced advisory.\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2013 Greenbone Networks GmbH\");\n script_family(\"Ubuntu Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/ubuntu_linux\", \"ssh/login/packages\", re:\"ssh/login/release=UBUNTU(12\\.04 
LTS|11\\.10|10\\.04 LTS|12\\.10)\");\n script_tag(name:\"affected\", value:\"inkscape on Ubuntu 12.10,\n Ubuntu 12.04 LTS,\n Ubuntu 11.10,\n Ubuntu 10.04 LTS\");\n script_tag(name:\"solution\", value:\"Please Install the Updated Packages.\");\n script_tag(name:\"insight\", value:\"It was discoverd that Inkscape incorrectly handled XML external entities in\n SVG files. If a user were tricked into opening a specially-crafted SVG\n file, Inkscape could possibly include external files in drawings, resulting\n in information disclosure. (CVE-2012-5656)\n\n It was discovered that Inkscape attempted to open certain files from the\n /tmp directory instead of the current directory. A local attacker could\n trick a user into opening a different file than the one that was intended.\n This issue only applied to Ubuntu 11.10, Ubuntu 12.04 LTS and Ubuntu 12.10.\n (CVE-2012-6076)\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-deb.inc\");\n\nrelease = dpkg_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"UBUNTU12.04 LTS\")\n{\n\n if ((res = isdpkgvuln(pkg:\"inkscape\", ver:\"0.48.3.1-1ubuntu1.1\", rls:\"UBUNTU12.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n\n\nif(release == \"UBUNTU11.10\")\n{\n\n if ((res = isdpkgvuln(pkg:\"inkscape\", ver:\"0.48.2-0ubuntu1.1\", rls:\"UBUNTU11.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n\n\nif(release == \"UBUNTU10.04 LTS\")\n{\n\n if ((res = isdpkgvuln(pkg:\"inkscape\", ver:\"0.47.0-2ubuntu2.1\", rls:\"UBUNTU10.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n\n\nif(release == \"UBUNTU12.10\")\n{\n\n if ((res = isdpkgvuln(pkg:\"inkscape\", ver:\"0.48.3.1-1ubuntu6.1\", 
rls:\"UBUNTU12.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 4.4, "vector": "AV:L/AC:M/Au:N/C:P/I:P/A:P"}}], "nessus": [{"lastseen": "2021-01-20T12:26:10", "description": "Inkscape was updated to fix two security issues :\n\n - inkscape occasionaly tries to open EPS files from /tmp\n (bnc#796306, CVE-2012-6076).\n\n - inkscape could load XML from external hosts (bnc#794958,\n CWE-827, CVE-2012-5656).", "edition": 18, "published": "2014-06-13T00:00:00", "title": "openSUSE Security Update : inkscape (openSUSE-SU-2013:0294-1)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2012-5656", "CVE-2012-6076"], "modified": "2014-06-13T00:00:00", "cpe": ["cpe:/o:novell:opensuse:12.1", "p-cpe:/a:novell:opensuse:inkscape-extensions-fig", "p-cpe:/a:novell:opensuse:inkscape-debuginfo", "p-cpe:/a:novell:opensuse:inkscape-extensions-extra", "p-cpe:/a:novell:opensuse:inkscape-debugsource", "p-cpe:/a:novell:opensuse:inkscape", "p-cpe:/a:novell:opensuse:inkscape-lang", "p-cpe:/a:novell:opensuse:inkscape-extensions-gimp", "p-cpe:/a:novell:opensuse:inkscape-extensions-dia", "cpe:/o:novell:opensuse:12.2", "p-cpe:/a:novell:opensuse:inkscape-extensions-skencil"], "id": "OPENSUSE-2013-118.NASL", "href": "https://www.tenable.com/plugins/nessus/74889", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from openSUSE Security Update openSUSE-2013-118.\n#\n# The text description of this plugin is (C) SUSE LLC.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(74889);\n script_version(\"1.4\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/19\");\n\n script_cve_id(\"CVE-2012-5656\", \"CVE-2012-6076\");\n\n script_name(english:\"openSUSE Security Update : inkscape (openSUSE-SU-2013:0294-1)\");\n 
script_summary(english:\"Check for the openSUSE-2013-118 patch\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote openSUSE host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Inkscape was updated to fix two security issues :\n\n - inkscape occasionaly tries to open EPS files from /tmp\n (bnc#796306, CVE-2012-6076).\n\n - inkscape could load XML from external hosts (bnc#794958,\n CWE-827, CVE-2012-5656).\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=794958\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=796306\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://lists.opensuse.org/opensuse-updates/2013-02/msg00041.html\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected inkscape packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:M/Au:N/C:P/I:P/A:P\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:inkscape\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:inkscape-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:inkscape-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:inkscape-extensions-dia\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:inkscape-extensions-extra\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:inkscape-extensions-fig\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:inkscape-extensions-gimp\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:inkscape-extensions-skencil\");\n script_set_attribute(attribute:\"cpe\", 
value:\"p-cpe:/a:novell:opensuse:inkscape-lang\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:12.1\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:12.2\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2013/02/06\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2014/06/13\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2014-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release =~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"openSUSE\");\nif (release !~ \"^(SUSE12\\.1|SUSE12\\.2)$\") audit(AUDIT_OS_RELEASE_NOT, \"openSUSE\", \"12.1 / 12.2\", release);\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nourarch = get_kb_item(\"Host/cpu\");\nif (!ourarch) audit(AUDIT_UNKNOWN_ARCH);\nif (ourarch !~ \"^(i586|i686|x86_64)$\") audit(AUDIT_ARCH_NOT, \"i586 / i686 / x86_64\", ourarch);\n\nflag = 0;\n\nif ( rpm_check(release:\"SUSE12.1\", reference:\"inkscape-0.48.2-2.4.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.1\", reference:\"inkscape-debuginfo-0.48.2-2.4.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.1\", reference:\"inkscape-debugsource-0.48.2-2.4.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.1\", reference:\"inkscape-extensions-dia-0.48.2-2.4.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.1\", reference:\"inkscape-extensions-extra-0.48.2-2.4.1\") ) 
flag++;\nif ( rpm_check(release:\"SUSE12.1\", reference:\"inkscape-extensions-fig-0.48.2-2.4.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.1\", reference:\"inkscape-extensions-gimp-0.48.2-2.4.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.1\", reference:\"inkscape-extensions-skencil-0.48.2-2.4.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.1\", reference:\"inkscape-lang-0.48.2-2.4.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.2\", reference:\"inkscape-0.48.3.1-5.9.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.2\", reference:\"inkscape-debuginfo-0.48.3.1-5.9.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.2\", reference:\"inkscape-debugsource-0.48.3.1-5.9.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.2\", reference:\"inkscape-extensions-dia-0.48.3.1-5.9.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.2\", reference:\"inkscape-extensions-extra-0.48.3.1-5.9.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.2\", reference:\"inkscape-extensions-fig-0.48.3.1-5.9.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.2\", reference:\"inkscape-extensions-gimp-0.48.3.1-5.9.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.2\", reference:\"inkscape-extensions-skencil-0.48.3.1-5.9.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.2\", reference:\"inkscape-lang-0.48.3.1-5.9.1\") ) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"inkscape\");\n}\n", "cvss": {"score": 4.4, "vector": "AV:L/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2021-01-20T14:38:43", "description": "inkscape was updated to fix a XXE (Xml eXternal Entity) attack during\nrasterization of SVG images (CVE-2012-5656), where the rendering of\nmalicious SVG images could have connected from inkscape to internal\nhosts.\n\nAlso inkscape would have loaded .EPS files from untrusted 
/tmp\noccasionaly instead from the current directory. (CVE-2012-6076)", "edition": 17, "published": "2013-02-27T00:00:00", "title": "SuSE 11.2 Security Update : inkscape (SAT Patch Number 7380)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2012-5656", "CVE-2012-6076"], "modified": "2013-02-27T00:00:00", "cpe": ["p-cpe:/a:novell:suse_linux:11:inkscape-lang", "p-cpe:/a:novell:suse_linux:11:inkscape-extensions-fig", "p-cpe:/a:novell:suse_linux:11:inkscape-extensions-extra", "p-cpe:/a:novell:suse_linux:11:inkscape", "cpe:/o:novell:suse_linux:11", "p-cpe:/a:novell:suse_linux:11:inkscape-extensions-gimp", "p-cpe:/a:novell:suse_linux:11:inkscape-extensions-dia"], "id": "SUSE_11_INKSCAPE-130220.NASL", "href": "https://www.tenable.com/plugins/nessus/64906", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from SuSE 11 update information. The text itself is\n# copyright (C) Novell, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(64906);\n script_version(\"1.6\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/19\");\n\n script_cve_id(\"CVE-2012-5656\", \"CVE-2012-6076\");\n\n script_name(english:\"SuSE 11.2 Security Update : inkscape (SAT Patch Number 7380)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote SuSE 11 host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"inkscape was updated to fix a XXE (Xml eXternal Entity) attack during\nrasterization of SVG images (CVE-2012-5656), where the rendering of\nmalicious SVG images could have connected from inkscape to internal\nhosts.\n\nAlso inkscape would have loaded .EPS files from untrusted /tmp\noccasionaly instead from the current directory. 
(CVE-2012-6076)\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=794958\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=796306\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2012-5656.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2012-6076.html\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Apply SAT patch number 7380.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:M/Au:N/C:P/I:P/A:P\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:11:inkscape\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:11:inkscape-extensions-dia\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:11:inkscape-extensions-extra\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:11:inkscape-extensions-fig\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:11:inkscape-extensions-gimp\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:11:inkscape-lang\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:suse_linux:11\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2013/02/20\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2013/02/27\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2013-2021 Tenable Network Security, Inc.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", 
\"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release !~ \"^(SLED|SLES)11\") audit(AUDIT_OS_NOT, \"SuSE 11\");\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu !~ \"^i[3-6]86$\" && \"x86_64\" >!< cpu && \"s390x\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"SuSE 11\", cpu);\n\npl = get_kb_item(\"Host/SuSE/patchlevel\");\nif (isnull(pl) || int(pl) != 2) audit(AUDIT_OS_NOT, \"SuSE 11.2\");\n\n\nflag = 0;\nif (rpm_check(release:\"SLED11\", sp:2, cpu:\"i586\", reference:\"inkscape-0.46-62.38.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:2, cpu:\"i586\", reference:\"inkscape-extensions-dia-0.46-62.38.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:2, cpu:\"i586\", reference:\"inkscape-extensions-extra-0.46-62.38.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:2, cpu:\"i586\", reference:\"inkscape-extensions-fig-0.46-62.38.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:2, cpu:\"i586\", reference:\"inkscape-extensions-gimp-0.46-62.38.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:2, cpu:\"i586\", reference:\"inkscape-lang-0.46-62.38.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:2, cpu:\"x86_64\", reference:\"inkscape-0.46-62.38.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:2, cpu:\"x86_64\", reference:\"inkscape-extensions-dia-0.46-62.38.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:2, cpu:\"x86_64\", reference:\"inkscape-extensions-extra-0.46-62.38.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:2, cpu:\"x86_64\", reference:\"inkscape-extensions-fig-0.46-62.38.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:2, cpu:\"x86_64\", 
reference:\"inkscape-extensions-gimp-0.46-62.38.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:2, cpu:\"x86_64\", reference:\"inkscape-lang-0.46-62.38.1\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 4.4, "vector": "AV:L/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2021-03-01T07:25:29", "description": "It was discoverd that Inkscape incorrectly handled XML external\nentities in SVG files. If a user were tricked into opening a specially\ncrafted SVG file, Inkscape could possibly include external files in\ndrawings, resulting in information disclosure. (CVE-2012-5656)\n\nIt was discovered that Inkscape attempted to open certain files from\nthe /tmp directory instead of the current directory. A local attacker\ncould trick a user into opening a different file than the one that was\nintended. This issue only applied to Ubuntu 11.10, Ubuntu 12.04 LTS\nand Ubuntu 12.10. (CVE-2012-6076).\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Ubuntu security advisory. 
Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.", "edition": 26, "published": "2013-01-31T00:00:00", "title": "Ubuntu 10.04 LTS / 11.10 / 12.04 LTS / 12.10 : inkscape vulnerabilities (USN-1712-1)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2012-5656", "CVE-2012-6076"], "modified": "2021-03-02T00:00:00", "cpe": ["cpe:/o:canonical:ubuntu_linux:11.10", "cpe:/o:canonical:ubuntu_linux:10.04:-:lts", "cpe:/o:canonical:ubuntu_linux:12.10", "p-cpe:/a:canonical:ubuntu_linux:inkscape", "cpe:/o:canonical:ubuntu_linux:12.04:-:lts"], "id": "UBUNTU_USN-1712-1.NASL", "href": "https://www.tenable.com/plugins/nessus/64375", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Ubuntu Security Notice USN-1712-1. The text \n# itself is copyright (C) Canonical, Inc. See \n# <http://www.ubuntu.com/usn/>. Ubuntu(R) is a registered \n# trademark of Canonical, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(64375);\n script_version(\"1.10\");\n script_cvs_date(\"Date: 2019/09/19 12:54:28\");\n\n script_cve_id(\"CVE-2012-5656\", \"CVE-2012-6076\");\n script_xref(name:\"USN\", value:\"1712-1\");\n\n script_name(english:\"Ubuntu 10.04 LTS / 11.10 / 12.04 LTS / 12.10 : inkscape vulnerabilities (USN-1712-1)\");\n script_summary(english:\"Checks dpkg output for updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Ubuntu host is missing a security-related patch.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"It was discoverd that Inkscape incorrectly handled XML external\nentities in SVG files. If a user were tricked into opening a specially\ncrafted SVG file, Inkscape could possibly include external files in\ndrawings, resulting in information disclosure. 
(CVE-2012-5656)\n\nIt was discovered that Inkscape attempted to open certain files from\nthe /tmp directory instead of the current directory. A local attacker\ncould trick a user into opening a different file than the one that was\nintended. This issue only applied to Ubuntu 11.10, Ubuntu 12.04 LTS\nand Ubuntu 12.10. (CVE-2012-6076).\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Ubuntu security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://usn.ubuntu.com/1712-1/\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected inkscape package.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:M/Au:N/C:P/I:P/A:P\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:inkscape\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:10.04:-:lts\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:11.10\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:12.04:-:lts\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:12.10\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2013/01/18\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2013/01/30\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2013/01/31\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"Ubuntu Security Notice (C) 2013-2019 Canonical, Inc. / NASL script (C) 2013-2019 and is owned by Tenable, Inc. 
or an Affiliate thereof.\");\n script_family(english:\"Ubuntu Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/cpu\", \"Host/Ubuntu\", \"Host/Ubuntu/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"ubuntu.inc\");\ninclude(\"misc_func.inc\");\n\nif ( ! get_kb_item(\"Host/local_checks_enabled\") ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/Ubuntu/release\");\nif ( isnull(release) ) audit(AUDIT_OS_NOT, \"Ubuntu\");\nrelease = chomp(release);\nif (! preg(pattern:\"^(10\\.04|11\\.10|12\\.04|12\\.10)$\", string:release)) audit(AUDIT_OS_NOT, \"Ubuntu 10.04 / 11.10 / 12.04 / 12.10\", \"Ubuntu \" + release);\nif ( ! get_kb_item(\"Host/Debian/dpkg-l\") ) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Ubuntu\", cpu);\n\nflag = 0;\n\nif (ubuntu_check(osver:\"10.04\", pkgname:\"inkscape\", pkgver:\"0.47.0-2ubuntu2.1\")) flag++;\nif (ubuntu_check(osver:\"11.10\", pkgname:\"inkscape\", pkgver:\"0.48.2-0ubuntu1.1\")) flag++;\nif (ubuntu_check(osver:\"12.04\", pkgname:\"inkscape\", pkgver:\"0.48.3.1-1ubuntu1.1\")) flag++;\nif (ubuntu_check(osver:\"12.10\", pkgname:\"inkscape\", pkgver:\"0.48.3.1-1ubuntu6.1\")) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : ubuntu_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = ubuntu_pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"inkscape\");\n}\n", "cvss": {"score": 4.4, "vector": "AV:L/AC:M/Au:N/C:P/I:P/A:P"}}]}