Inkscape vulnerabilities

2013-01-3000:00:00

ubuntu.com

4.4 Medium

CVSS2

Attack Vector

LOCAL

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:L/AC:M/Au:N/C:P/I:P/A:P

5.5 Medium

CVSS3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

5.7 Medium

AI Score

Confidence

Low

0.001 Low

EPSS

Percentile

30.4%

JSON

Releases

Ubuntu 12.10
Ubuntu 12.04
Ubuntu 11.10
Ubuntu 10.04

Packages

inkscape - vector-based drawing program

Details

It was discoverd that Inkscape incorrectly handled XML external entities in
SVG files. If a user were tricked into opening a specially-crafted SVG
file, Inkscape could possibly include external files in drawings, resulting
in information disclosure. (CVE-2012-5656)

It was discovered that Inkscape attempted to open certain files from the
/tmp directory instead of the current directory. A local attacker could
trick a user into opening a different file than the one that was intended.
This issue only applied to Ubuntu 11.10, Ubuntu 12.04 LTS and Ubuntu 12.10.
(CVE-2012-6076)

OSVersionArchitecturePackageVersionFilename
Ubuntu12.10noarchinkscape< 0.48.3.1-1ubuntu6.1UNKNOWN
Ubuntu12.04noarchinkscape< 0.48.3.1-1ubuntu1.1UNKNOWN
Ubuntu11.10noarchinkscape< 0.48.2-0ubuntu1.1UNKNOWN
Ubuntu10.04noarchinkscape< 0.47.0-2ubuntu2.1UNKNOWN

OS	Version	Architecture	Package	Version	Filename
Ubuntu	12.10	noarch	inkscape	< 0.48.3.1-1ubuntu6.1	UNKNOWN
Ubuntu	12.04	noarch	inkscape	< 0.48.3.1-1ubuntu1.1	UNKNOWN
Ubuntu	11.10	noarch	inkscape	< 0.48.2-0ubuntu1.1	UNKNOWN
Ubuntu	10.04	noarch	inkscape	< 0.47.0-2ubuntu2.1	UNKNOWN