2.1 Low
CVSS2
Attack Vector
LOCAL
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
NONE
Availability Impact
NONE
AV:L/AC:L/Au:N/C:P/I:N/A:N
5.5 Medium
CVSS3
Attack Vector
LOCAL
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
NONE
Availability Impact
NONE
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
0.001 Low
EPSS
Percentile
30.4%
The rasterization process in Inkscape before 0.48.4 allows local users to
read arbitrary files via an external entity in a SVG file, aka an XML
external entity (XXE) injection attack.
wiki.inkscape.org/wiki/index.php/Release_notes/0.48.4
www.openwall.com/lists/oss-security/2012/12/19
bugs.launchpad.net/inkscape/+bug/1025185/comments/14
launchpad.net/bugs/cve/CVE-2012-5656
nvd.nist.gov/vuln/detail/CVE-2012-5656
security-tracker.debian.org/tracker/CVE-2012-5656
ubuntu.com/security/notices/USN-1712-1
www.cve.org/CVERecord?id=CVE-2012-5656
2.1 Low
CVSS2
Attack Vector
LOCAL
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
NONE
Availability Impact
NONE
AV:L/AC:L/Au:N/C:P/I:N/A:N
5.5 Medium
CVSS3
Attack Vector
LOCAL
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
NONE
Availability Impact
NONE
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
0.001 Low
EPSS
Percentile
30.4%