8 matches found
Linux Distros Unpatched Vulnerability : CVE-2012-5656
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - The rasterization process in Inkscape before 0.48.4 allows local users to read arbitrary files via an external entity in a SVG file, aka an XML external entity...
SUSE CVE-2012-5656
The rasterization process in Inkscape before 0.48.4 allows local users to read arbitrary files via an external entity in a SVG file, aka an XML external entity XXE injection attack...
SUSE SLED10 Security Update : inkscape (SUSE-SU-2013:0350-1)
inkscape has been updated to fix a XXE Xml eXternal Entity attack during rasterization of SVG images. CVE-2012-5656, where the rendering of malicious SVG images could have connected from inkscape to internal hosts. Note that Tenable Network Security has extracted the preceding description block...
SuSE 11.2 Security Update : inkscape (SAT Patch Number 7380)
inkscape was updated to fix a XXE Xml eXternal Entity attack during rasterization of SVG images CVE-2012-5656, where the rendering of malicious SVG images could have connected from inkscape to internal hosts. Also inkscape would have loaded .EPS files from untrusted /tmp occasionaly instead from...
Ubuntu 10.04 LTS / 11.10 / 12.04 LTS / 12.10 : inkscape vulnerabilities (USN-1712-1)
It was discoverd that Inkscape incorrectly handled XML external entities in SVG files. If a user were tricked into opening a specially crafted SVG file, Inkscape could possibly include external files in drawings, resulting in information disclosure. CVE-2012-5656 It was discovered that Inkscape...
CVE-2012-5656
CVE-2012-5656 concerns Inkscape ≤ 0.48.3 (up to 0.48.4) where the rasterization of SVGs can be abused via an XML external entity (XXE) in a crafted SVG, allowing a local attacker to read arbitrary files. The issue stems from the rasterization path processing external entities. Public advisories c...
Fedora 17 : inkscape-0.48.4-1.fc17 (2012-20620)
Fix XXE flaw, man page ownership. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. %NASLMINLEVEL 70300 ...
Fedora 18 : inkscape-0.48.4-1.fc18 (2012-20643)
Fix XXE flaw, man page ownership. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. %NASLMINLEVEL 70300 ...