Search

Find a vulnerability

Search criteria

    22 vulnerabilities found for inkscape by inkscape

    CVE-2026-4980 (GCVE-0-2026-4980)

    Vulnerability from nvd – Published: 2026-03-27 14:50 – Updated: 2026-04-06 19:48
    VLAI
    Title
    Improper Restriction of XML External Entity Reference in Inkscape
    Summary
    A local file disclosure vulnerability in the XInclude processing component of Inkscape 1.1 before 1.3 allows a remote attacker to read local files via a crafted SVG file containing malicious xi:include tags.
    SSVC
    Exploitation: poc Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-611 - Improper Restriction of XML External Entity Reference
    Assigner
    Impacted products
    Vendor Product Version
    Inkscape Inkscape Affected: 1.1 , < 1.3 (semver)
    Create a notification for this product.
    Credits
    VK (previously elttam) https://github.com/me0wday
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-4980",
                    "options": [
                      {
                        "Exploitation": "poc"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-03-27T15:12:52.453006Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-04-06T19:48:25.588Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "Inkscape",
              "vendor": "Inkscape",
              "versions": [
                {
                  "lessThan": "1.3",
                  "status": "affected",
                  "version": "1.1",
                  "versionType": "semver"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "finder",
              "value": "VK (previously elttam) https://github.com/me0wday"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "A local file disclosure vulnerability in the XInclude processing component of Inkscape 1.1 before 1.3 allows a remote attacker to read local files via a crafted SVG file containing malicious xi:include tags."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "LOCAL",
                "availabilityImpact": "NONE",
                "baseScore": 6.3,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "NONE",
                "privilegesRequired": "NONE",
                "scope": "CHANGED",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:N/A:N",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-611",
                  "description": "CWE-611: Improper Restriction of XML External Entity Reference",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-03-27T14:50:48.271Z",
            "orgId": "ceab7361-8a18-47b1-92ba-4d7d25f6715a",
            "shortName": "GitLab"
          },
          "references": [
            {
              "url": "https://gitlab.com/inkscape/inkscape/-/work_items/3557"
            },
            {
              "url": "https://gitlab.com/inkscape/inkscape/-/merge_requests/5269"
            }
          ],
          "solutions": [
            {
              "lang": "en",
              "value": "Upgrade to version 1.3 or above"
            }
          ],
          "title": "Improper Restriction of XML External Entity Reference in Inkscape"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "ceab7361-8a18-47b1-92ba-4d7d25f6715a",
        "assignerShortName": "GitLab",
        "cveId": "CVE-2026-4980",
        "datePublished": "2026-03-27T14:50:48.271Z",
        "dateReserved": "2026-03-27T11:18:24.287Z",
        "dateUpdated": "2026-04-06T19:48:25.588Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2025-15523 (GCVE-0-2025-15523)

    Vulnerability from nvd – Published: 2026-01-22 14:45 – Updated: 2026-01-22 15:05 X_Open Source
    VLAI
    Title
    TCC Bypass via Inherited Permissions in Bundled Interpreter in Inkscape.app
    Summary
    MacOS version of Inkscape bundles a Python interpreter that inherits the Transparency, Consent, and Control (TCC) permissions granted by the user to the main application bundle. An attacker with local user access can invoke this interpreter with arbitrary commands or scripts, leveraging the application's previously granted TCC permissions to access user's files in privacy-protected folders without triggering user prompts. Accessing other resources beyond previously granted TCC permissions will prompt the user for approval in the name of Inkscape, potentially disguising attacker's malicious intent. This issue has been fixed in 1.4.3 version of Inkscape.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-276 - Incorrect Default Permissions
    Assigner
    References
    Impacted products
    Vendor Product Version
    Inkscape Inkscape Affected: 0 , < 1.4.3 (semver)
    Create a notification for this product.
    Date Public
    2026-01-22 13:00
    Credits
    Karol Mazurek and Hubert Decyusz (AFINE Team)
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2025-15523",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-01-22T15:05:02.747583Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-01-22T15:05:37.135Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "platforms": [
                "MacOS"
              ],
              "product": "Inkscape",
              "repo": "https://gitlab.com/inkscape/inkscape",
              "vendor": "Inkscape",
              "versions": [
                {
                  "lessThan": "1.4.3",
                  "status": "affected",
                  "version": "0",
                  "versionType": "semver"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "finder",
              "value": "Karol Mazurek and Hubert Decyusz (AFINE Team)"
            }
          ],
          "datePublic": "2026-01-22T13:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "MacOS version of Inkscape bundles a \u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003ePython\u003c/span\u003e interpreter that inherits the Transparency, Consent, and Control (TCC) permissions\ngranted by the user to the main application bundle. An attacker with local user access can\ninvoke this interpreter with arbitrary commands or scripts, leveraging the\napplication\u0027s previously granted TCC permissions to access user\u0027s files in privacy-protected folders without triggering user prompts. Accessing other resources beyond previously granted TCC permissions will prompt the user for approval in the name of Inkscape, potentially disguising attacker\u0027s malicious intent.\u003cbr\u003e\u003cbr\u003eThis issue has been fixed in 1.4.3 version of Inkscape.\u003cbr\u003e"
                }
              ],
              "value": "MacOS version of Inkscape bundles a Python interpreter that inherits the Transparency, Consent, and Control (TCC) permissions\ngranted by the user to the main application bundle. An attacker with local user access can\ninvoke this interpreter with arbitrary commands or scripts, leveraging the\napplication\u0027s previously granted TCC permissions to access user\u0027s files in privacy-protected folders without triggering user prompts. Accessing other resources beyond previously granted TCC permissions will prompt the user for approval in the name of Inkscape, potentially disguising attacker\u0027s malicious intent.\n\nThis issue has been fixed in 1.4.3 version of Inkscape."
            }
          ],
          "impacts": [
            {
              "capecId": "CAPEC-122",
              "descriptions": [
                {
                  "lang": "en",
                  "value": "CAPEC-122 Privilege Abuse"
                }
              ]
            }
          ],
          "metrics": [
            {
              "cvssV4_0": {
                "Automatable": "NOT_DEFINED",
                "Recovery": "NOT_DEFINED",
                "Safety": "NOT_DEFINED",
                "attackComplexity": "LOW",
                "attackRequirements": "NONE",
                "attackVector": "LOCAL",
                "baseScore": 4.8,
                "baseSeverity": "MEDIUM",
                "privilegesRequired": "LOW",
                "providerUrgency": "NOT_DEFINED",
                "subAvailabilityImpact": "NONE",
                "subConfidentialityImpact": "NONE",
                "subIntegrityImpact": "NONE",
                "userInteraction": "NONE",
                "valueDensity": "NOT_DEFINED",
                "vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N",
                "version": "4.0",
                "vulnAvailabilityImpact": "NONE",
                "vulnConfidentialityImpact": "LOW",
                "vulnIntegrityImpact": "LOW",
                "vulnerabilityResponseEffort": "NOT_DEFINED"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-276",
                  "description": "CWE-276 Incorrect Default Permissions",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-01-22T14:45:26.404Z",
            "orgId": "4bb8329e-dd38-46c1-aafb-9bf32bcb93c6",
            "shortName": "CERT-PL"
          },
          "references": [
            {
              "tags": [
                "product"
              ],
              "url": "https://inkscape.org/"
            },
            {
              "tags": [
                "third-party-advisory"
              ],
              "url": "https://cert.pl/en/posts/2026/01/CVE-2025-15523/"
            }
          ],
          "source": {
            "discovery": "EXTERNAL"
          },
          "tags": [
            "x_open-source"
          ],
          "title": "TCC Bypass via Inherited Permissions in Bundled Interpreter in Inkscape.app",
          "x_generator": {
            "engine": "Vulnogram 0.2.0"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "4bb8329e-dd38-46c1-aafb-9bf32bcb93c6",
        "assignerShortName": "CERT-PL",
        "cveId": "CVE-2025-15523",
        "datePublished": "2026-01-22T14:45:26.404Z",
        "dateReserved": "2026-01-14T17:14:05.617Z",
        "dateUpdated": "2026-01-22T15:05:37.135Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2021-42704 (GCVE-0-2021-42704)

    Vulnerability from nvd – Published: 2022-05-18 16:24 – Updated: 2025-04-16 16:19
    VLAI
    Title
    Inkscape Out-of-bounds Write
    Summary
    Inkscape version 0.91 is vulnerable to an out-of-bounds write, which may allow an attacker to arbitrary execute code.
    SSVC
    Exploitation: poc Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    Assigner
    References
    Impacted products
    Vendor Product Version
    Inkscape Inkscape Affected: 0.91
    Create a notification for this product.
    Date Public
    2022-05-12 00:00
    Credits
    Tran Van Khang – khangkito (VinCSS), working with Trend Micro’s Zero Day Initiative, reported these vulnerabilities to CISA.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-04T03:38:50.053Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://www.cisa.gov/uscert/ics/advisories/icsa-22-132-03"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://www.integraxor.com/scada-animation-graphic-editor-extension-inkscape/"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2021-42704",
                    "options": [
                      {
                        "Exploitation": "poc"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-04-16T15:50:21.272220Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-04-16T16:19:49.455Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Inkscape",
              "vendor": "Inkscape",
              "versions": [
                {
                  "status": "affected",
                  "version": "0.91"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "value": "Tran Van Khang \u2013 khangkito (VinCSS), working with Trend Micro\u2019s Zero Day Initiative, reported these vulnerabilities to CISA."
            }
          ],
          "datePublic": "2022-05-12T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "Inkscape version 0.91 is vulnerable to an out-of-bounds write, which may allow an attacker to arbitrary execute code."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "LOCAL",
                "availabilityImpact": "HIGH",
                "baseScore": 7.8,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
                "version": "3.1"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-787",
                  "description": "CWE-787 Out-of-bounds Write",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2022-06-01T13:59:19.000Z",
            "orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
            "shortName": "icscert"
          },
          "references": [
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://www.cisa.gov/uscert/ics/advisories/icsa-22-132-03"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://www.integraxor.com/scada-animation-graphic-editor-extension-inkscape/"
            }
          ],
          "solutions": [
            {
              "lang": "en",
              "value": "Inkscape has fixed these vulnerabilities and recommends users update to Version Inkscape 1.0 or later."
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "title": "Inkscape Out-of-bounds Write",
          "x_generator": {
            "engine": "Vulnogram 0.0.9"
          },
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "ics-cert@hq.dhs.gov",
              "DATE_PUBLIC": "2022-05-12T21:42:00.000Z",
              "ID": "CVE-2021-42704",
              "STATE": "PUBLIC",
              "TITLE": "Inkscape Out-of-bounds Write"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "Inkscape",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "=",
                                "version_value": "0.91"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "Inkscape"
                  }
                ]
              }
            },
            "credit": [
              {
                "lang": "eng",
                "value": "Tran Van Khang \u2013 khangkito (VinCSS), working with Trend Micro\u2019s Zero Day Initiative, reported these vulnerabilities to CISA."
              }
            ],
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Inkscape version 0.91 is vulnerable to an out-of-bounds write, which may allow an attacker to arbitrary execute code."
                }
              ]
            },
            "generator": {
              "engine": "Vulnogram 0.0.9"
            },
            "impact": {
              "cvss": {
                "attackComplexity": "LOW",
                "attackVector": "LOCAL",
                "availabilityImpact": "HIGH",
                "baseScore": 7.8,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
                "version": "3.1"
              }
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "CWE-787 Out-of-bounds Write"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://www.cisa.gov/uscert/ics/advisories/icsa-22-132-03",
                  "refsource": "CONFIRM",
                  "url": "https://www.cisa.gov/uscert/ics/advisories/icsa-22-132-03"
                },
                {
                  "name": "https://www.integraxor.com/scada-animation-graphic-editor-extension-inkscape/",
                  "refsource": "CONFIRM",
                  "url": "https://www.integraxor.com/scada-animation-graphic-editor-extension-inkscape/"
                }
              ]
            },
            "solution": [
              {
                "lang": "en",
                "value": "Inkscape has fixed these vulnerabilities and recommends users update to Version Inkscape 1.0 or later."
              }
            ],
            "source": {
              "discovery": "UNKNOWN"
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
        "assignerShortName": "icscert",
        "cveId": "CVE-2021-42704",
        "datePublished": "2022-05-18T16:24:51.499Z",
        "dateReserved": "2021-10-18T00:00:00.000Z",
        "dateUpdated": "2025-04-16T16:19:49.455Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2021-42702 (GCVE-0-2021-42702)

    Vulnerability from nvd – Published: 2022-05-18 16:24 – Updated: 2025-04-16 16:19
    VLAI
    Title
    Inkscape Access of Uninitialized Pointer
    Summary
    Inkscape version 0.91 can access an uninitialized pointer, which may allow an attacker to have access to unauthorized information.
    SSVC
    Exploitation: poc Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-824 - Access of Uninitialized Pointer
    Assigner
    References
    Impacted products
    Vendor Product Version
    Inkscape Inkscape Affected: 0.91
    Create a notification for this product.
    Date Public
    2022-05-12 00:00
    Credits
    Tran Van Khang – khangkito (VinCSS), working with Trend Micro’s Zero Day Initiative, reported these vulnerabilities to CISA.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-04T03:38:50.116Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://www.cisa.gov/uscert/ics/advisories/icsa-22-132-03"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://www.integraxor.com/scada-animation-graphic-editor-extension-inkscape/"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2021-42702",
                    "options": [
                      {
                        "Exploitation": "poc"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-04-16T15:50:02.387916Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-04-16T16:19:56.515Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Inkscape",
              "vendor": "Inkscape",
              "versions": [
                {
                  "status": "affected",
                  "version": "0.91"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "value": "Tran Van Khang \u2013 khangkito (VinCSS), working with Trend Micro\u2019s Zero Day Initiative, reported these vulnerabilities to CISA."
            }
          ],
          "datePublic": "2022-05-12T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "Inkscape version 0.91 can access an uninitialized pointer, which may allow an attacker to have access to unauthorized information."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "LOCAL",
                "availabilityImpact": "NONE",
                "baseScore": 3.3,
                "baseSeverity": "LOW",
                "confidentialityImpact": "LOW",
                "integrityImpact": "NONE",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N",
                "version": "3.1"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-824",
                  "description": "CWE-824 Access of Uninitialized Pointer",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2022-06-01T13:58:43.000Z",
            "orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
            "shortName": "icscert"
          },
          "references": [
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://www.cisa.gov/uscert/ics/advisories/icsa-22-132-03"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://www.integraxor.com/scada-animation-graphic-editor-extension-inkscape/"
            }
          ],
          "solutions": [
            {
              "lang": "en",
              "value": "Inkscape has fixed these vulnerabilities and recommends users update to Version Inkscape 1.0 or later."
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "title": "Inkscape Access of Uninitialized Pointer",
          "x_generator": {
            "engine": "Vulnogram 0.0.9"
          },
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "ics-cert@hq.dhs.gov",
              "DATE_PUBLIC": "2022-05-12T21:42:00.000Z",
              "ID": "CVE-2021-42702",
              "STATE": "PUBLIC",
              "TITLE": "Inkscape Access of Uninitialized Pointer"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "Inkscape",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "=",
                                "version_value": "0.91"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "Inkscape"
                  }
                ]
              }
            },
            "credit": [
              {
                "lang": "eng",
                "value": "Tran Van Khang \u2013 khangkito (VinCSS), working with Trend Micro\u2019s Zero Day Initiative, reported these vulnerabilities to CISA."
              }
            ],
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Inkscape version 0.91 can access an uninitialized pointer, which may allow an attacker to have access to unauthorized information."
                }
              ]
            },
            "generator": {
              "engine": "Vulnogram 0.0.9"
            },
            "impact": {
              "cvss": {
                "attackComplexity": "LOW",
                "attackVector": "LOCAL",
                "availabilityImpact": "NONE",
                "baseScore": 3.3,
                "baseSeverity": "LOW",
                "confidentialityImpact": "LOW",
                "integrityImpact": "NONE",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N",
                "version": "3.1"
              }
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "CWE-824 Access of Uninitialized Pointer"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://www.cisa.gov/uscert/ics/advisories/icsa-22-132-03",
                  "refsource": "CONFIRM",
                  "url": "https://www.cisa.gov/uscert/ics/advisories/icsa-22-132-03"
                },
                {
                  "name": "https://www.integraxor.com/scada-animation-graphic-editor-extension-inkscape/",
                  "refsource": "CONFIRM",
                  "url": "https://www.integraxor.com/scada-animation-graphic-editor-extension-inkscape/"
                }
              ]
            },
            "solution": [
              {
                "lang": "en",
                "value": "Inkscape has fixed these vulnerabilities and recommends users update to Version Inkscape 1.0 or later."
              }
            ],
            "source": {
              "discovery": "UNKNOWN"
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
        "assignerShortName": "icscert",
        "cveId": "CVE-2021-42702",
        "datePublished": "2022-05-18T16:24:13.808Z",
        "dateReserved": "2021-10-18T00:00:00.000Z",
        "dateUpdated": "2025-04-16T16:19:56.515Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2021-42700 (GCVE-0-2021-42700)

    Vulnerability from nvd – Published: 2022-05-18 16:21 – Updated: 2025-04-16 16:20
    VLAI
    Title
    Inkscape Out-of-bounds Read
    Summary
    Inkscape 0.91 is vulnerable to an out-of-bounds read, which may allow an attacker to have access to unauthorized information.
    SSVC
    Exploitation: poc Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    Assigner
    References
    Impacted products
    Vendor Product Version
    Inkscape Inkscape Affected: 0.91
    Create a notification for this product.
    Date Public
    2022-05-12 00:00
    Credits
    Tran Van Khang – khangkito (VinCSS), working with Trend Micro’s Zero Day Initiative, reported these vulnerabilities to CISA.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-04T03:38:50.033Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://www.cisa.gov/uscert/ics/advisories/icsa-22-132-03"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://www.integraxor.com/scada-animation-graphic-editor-extension-inkscape/"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2021-42700",
                    "options": [
                      {
                        "Exploitation": "poc"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-04-16T15:50:06.913324Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-04-16T16:20:04.931Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Inkscape",
              "vendor": "Inkscape",
              "versions": [
                {
                  "status": "affected",
                  "version": "0.91"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "value": "Tran Van Khang \u2013 khangkito (VinCSS), working with Trend Micro\u2019s Zero Day Initiative, reported these vulnerabilities to CISA."
            }
          ],
          "datePublic": "2022-05-12T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "Inkscape 0.91 is vulnerable to an out-of-bounds read, which may allow an attacker to have access to unauthorized information."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "LOCAL",
                "availabilityImpact": "NONE",
                "baseScore": 3.3,
                "baseSeverity": "LOW",
                "confidentialityImpact": "LOW",
                "integrityImpact": "NONE",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N",
                "version": "3.1"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-125",
                  "description": "CWE-125 Out-of-bounds Read",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2022-06-01T13:58:04.000Z",
            "orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
            "shortName": "icscert"
          },
          "references": [
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://www.cisa.gov/uscert/ics/advisories/icsa-22-132-03"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://www.integraxor.com/scada-animation-graphic-editor-extension-inkscape/"
            }
          ],
          "solutions": [
            {
              "lang": "en",
              "value": "Inkscape has fixed these vulnerabilities and recommends users update to Version Inkscape 1.0 or later."
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "title": "Inkscape Out-of-bounds Read",
          "x_generator": {
            "engine": "Vulnogram 0.0.9"
          },
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "ics-cert@hq.dhs.gov",
              "DATE_PUBLIC": "2022-05-12T21:42:00.000Z",
              "ID": "CVE-2021-42700",
              "STATE": "PUBLIC",
              "TITLE": "Inkscape Out-of-bounds Read"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "Inkscape",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "=",
                                "version_value": "0.91"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "Inkscape"
                  }
                ]
              }
            },
            "credit": [
              {
                "lang": "eng",
                "value": "Tran Van Khang \u2013 khangkito (VinCSS), working with Trend Micro\u2019s Zero Day Initiative, reported these vulnerabilities to CISA."
              }
            ],
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Inkscape 0.91 is vulnerable to an out-of-bounds read, which may allow an attacker to have access to unauthorized information."
                }
              ]
            },
            "generator": {
              "engine": "Vulnogram 0.0.9"
            },
            "impact": {
              "cvss": {
                "attackComplexity": "LOW",
                "attackVector": "LOCAL",
                "availabilityImpact": "NONE",
                "baseScore": 3.3,
                "baseSeverity": "LOW",
                "confidentialityImpact": "LOW",
                "integrityImpact": "NONE",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N",
                "version": "3.1"
              }
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "CWE-125 Out-of-bounds Read"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://www.cisa.gov/uscert/ics/advisories/icsa-22-132-03",
                  "refsource": "CONFIRM",
                  "url": "https://www.cisa.gov/uscert/ics/advisories/icsa-22-132-03"
                },
                {
                  "name": "https://www.integraxor.com/scada-animation-graphic-editor-extension-inkscape/",
                  "refsource": "CONFIRM",
                  "url": "https://www.integraxor.com/scada-animation-graphic-editor-extension-inkscape/"
                }
              ]
            },
            "solution": [
              {
                "lang": "en",
                "value": "Inkscape has fixed these vulnerabilities and recommends users update to Version Inkscape 1.0 or later."
              }
            ],
            "source": {
              "discovery": "UNKNOWN"
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
        "assignerShortName": "icscert",
        "cveId": "CVE-2021-42700",
        "datePublished": "2022-05-18T16:21:40.584Z",
        "dateReserved": "2021-10-18T00:00:00.000Z",
        "dateUpdated": "2025-04-16T16:20:04.931Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2012-6076 (GCVE-0-2012-6076)

    Vulnerability from nvd – Published: 2013-03-12 21:00 – Updated: 2024-08-06 21:21
    VLAI
    Summary
    Inkscape before 0.48.4 reads .eps files from /tmp instead of the current directory, which might cause Inkspace to process unintended files, allow local users to obtain sensitive information, and possibly have other unspecified impacts.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    References
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-06T21:21:28.354Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "[oss-security] 20121229 Re: Inkscape reads .eps files from /tmp instead of the current directory",
                "tags": [
                  "mailing-list",
                  "x_refsource_MLIST",
                  "x_transferred"
                ],
                "url": "http://www.openwall.com/lists/oss-security/2012/12/30/2"
              },
              {
                "name": "USN-1712-1",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_UBUNTU",
                  "x_transferred"
                ],
                "url": "http://www.ubuntu.com/usn/USN-1712-1"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://bugs.launchpad.net/inkscape/+bug/911146"
              },
              {
                "name": "openSUSE-SU-2013:0294",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_SUSE",
                  "x_transferred"
                ],
                "url": "http://lists.opensuse.org/opensuse-updates/2013-02/msg00041.html"
              },
              {
                "name": "openSUSE-SU-2013:0297",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_SUSE",
                  "x_transferred"
                ],
                "url": "http://lists.opensuse.org/opensuse-updates/2013-02/msg00043.html"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=654341"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "Inkscape before 0.48.4 reads .eps files from /tmp instead of the current directory, which might cause Inkspace to process unintended files, allow local users to obtain sensitive information, and possibly have other unspecified impacts."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2013-03-12T21:00:00.000Z",
            "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
            "shortName": "redhat"
          },
          "references": [
            {
              "name": "[oss-security] 20121229 Re: Inkscape reads .eps files from /tmp instead of the current directory",
              "tags": [
                "mailing-list",
                "x_refsource_MLIST"
              ],
              "url": "http://www.openwall.com/lists/oss-security/2012/12/30/2"
            },
            {
              "name": "USN-1712-1",
              "tags": [
                "vendor-advisory",
                "x_refsource_UBUNTU"
              ],
              "url": "http://www.ubuntu.com/usn/USN-1712-1"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://bugs.launchpad.net/inkscape/+bug/911146"
            },
            {
              "name": "openSUSE-SU-2013:0294",
              "tags": [
                "vendor-advisory",
                "x_refsource_SUSE"
              ],
              "url": "http://lists.opensuse.org/opensuse-updates/2013-02/msg00041.html"
            },
            {
              "name": "openSUSE-SU-2013:0297",
              "tags": [
                "vendor-advisory",
                "x_refsource_SUSE"
              ],
              "url": "http://lists.opensuse.org/opensuse-updates/2013-02/msg00043.html"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=654341"
            }
          ]
        }
      },
      "cveMetadata": {
        "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "assignerShortName": "redhat",
        "cveId": "CVE-2012-6076",
        "datePublished": "2013-03-12T21:00:00.000Z",
        "dateReserved": "2012-12-06T00:00:00.000Z",
        "dateUpdated": "2024-08-06T21:21:28.354Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2012-5656 (GCVE-0-2012-5656)

    Vulnerability from nvd – Published: 2013-01-18 11:00 – Updated: 2024-08-06 21:14
    VLAI
    Summary
    The rasterization process in Inkscape before 0.48.4 allows local users to read arbitrary files via an external entity in a SVG file, aka an XML external entity (XXE) injection attack.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    References
    Date Public
    2012-12-17 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-06T21:14:16.440Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "[oss-security] 20121219 Re: CVE request: Inkscape fixes a XXE vulnerability during rasterization of SVG images",
                "tags": [
                  "mailing-list",
                  "x_refsource_MLIST",
                  "x_transferred"
                ],
                "url": "http://www.openwall.com/lists/oss-security/2012/12/20/3"
              },
              {
                "name": "FEDORA-2012-20620",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_FEDORA",
                  "x_transferred"
                ],
                "url": "http://lists.fedoraproject.org/pipermail/package-announce/2013-January/095380.html"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://bazaar.launchpad.net/~inkscape.dev/inkscape/trunk/revision/11931"
              },
              {
                "name": "USN-1712-1",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_UBUNTU",
                  "x_transferred"
                ],
                "url": "http://www.ubuntu.com/usn/USN-1712-1"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://launchpad.net/inkscape/+milestone/0.48.4"
              },
              {
                "name": "56965",
                "tags": [
                  "vdb-entry",
                  "x_refsource_BID",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/56965"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://bugs.launchpad.net/inkscape/+bug/1025185"
              },
              {
                "name": "FEDORA-2012-20621",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_FEDORA",
                  "x_transferred"
                ],
                "url": "http://lists.fedoraproject.org/pipermail/package-announce/2013-January/095398.html"
              },
              {
                "name": "openSUSE-SU-2013:0294",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_SUSE",
                  "x_transferred"
                ],
                "url": "http://lists.opensuse.org/opensuse-updates/2013-02/msg00041.html"
              },
              {
                "name": "openSUSE-SU-2013:0297",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_SUSE",
                  "x_transferred"
                ],
                "url": "http://lists.opensuse.org/opensuse-updates/2013-02/msg00043.html"
              },
              {
                "name": "FEDORA-2012-20643",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_FEDORA",
                  "x_transferred"
                ],
                "url": "http://lists.fedoraproject.org/pipermail/package-announce/2012-December/095024.html"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2012-12-17T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "The rasterization process in Inkscape before 0.48.4 allows local users to read arbitrary files via an external entity in a SVG file, aka an XML external entity (XXE) injection attack."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2013-03-23T09:00:00.000Z",
            "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
            "shortName": "redhat"
          },
          "references": [
            {
              "name": "[oss-security] 20121219 Re: CVE request: Inkscape fixes a XXE vulnerability during rasterization of SVG images",
              "tags": [
                "mailing-list",
                "x_refsource_MLIST"
              ],
              "url": "http://www.openwall.com/lists/oss-security/2012/12/20/3"
            },
            {
              "name": "FEDORA-2012-20620",
              "tags": [
                "vendor-advisory",
                "x_refsource_FEDORA"
              ],
              "url": "http://lists.fedoraproject.org/pipermail/package-announce/2013-January/095380.html"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://bazaar.launchpad.net/~inkscape.dev/inkscape/trunk/revision/11931"
            },
            {
              "name": "USN-1712-1",
              "tags": [
                "vendor-advisory",
                "x_refsource_UBUNTU"
              ],
              "url": "http://www.ubuntu.com/usn/USN-1712-1"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://launchpad.net/inkscape/+milestone/0.48.4"
            },
            {
              "name": "56965",
              "tags": [
                "vdb-entry",
                "x_refsource_BID"
              ],
              "url": "http://www.securityfocus.com/bid/56965"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://bugs.launchpad.net/inkscape/+bug/1025185"
            },
            {
              "name": "FEDORA-2012-20621",
              "tags": [
                "vendor-advisory",
                "x_refsource_FEDORA"
              ],
              "url": "http://lists.fedoraproject.org/pipermail/package-announce/2013-January/095398.html"
            },
            {
              "name": "openSUSE-SU-2013:0294",
              "tags": [
                "vendor-advisory",
                "x_refsource_SUSE"
              ],
              "url": "http://lists.opensuse.org/opensuse-updates/2013-02/msg00041.html"
            },
            {
              "name": "openSUSE-SU-2013:0297",
              "tags": [
                "vendor-advisory",
                "x_refsource_SUSE"
              ],
              "url": "http://lists.opensuse.org/opensuse-updates/2013-02/msg00043.html"
            },
            {
              "name": "FEDORA-2012-20643",
              "tags": [
                "vendor-advisory",
                "x_refsource_FEDORA"
              ],
              "url": "http://lists.fedoraproject.org/pipermail/package-announce/2012-December/095024.html"
            }
          ]
        }
      },
      "cveMetadata": {
        "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "assignerShortName": "redhat",
        "cveId": "CVE-2012-5656",
        "datePublished": "2013-01-18T11:00:00.000Z",
        "dateReserved": "2012-10-24T00:00:00.000Z",
        "dateUpdated": "2024-08-06T21:14:16.440Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2007-1463 (GCVE-0-2007-1463)

    Vulnerability from nvd – Published: 2007-03-21 19:00 – Updated: 2024-08-07 12:59
    VLAI
    Summary
    Format string vulnerability in Inkscape before 0.45.1 allows user-assisted remote attackers to execute arbitrary code via format string specifiers in a URI, which is not properly handled by certain dialogs.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    References
    URL Tags
    https://exchange.xforce.ibmcloud.com/vulnerabilit… vdb-entryx_refsource_XF
    http://secunia.com/advisories/24859 third-party-advisoryx_refsource_SECUNIA
    http://secunia.com/advisories/24615 third-party-advisoryx_refsource_SECUNIA
    http://secunia.com/advisories/24597 third-party-advisoryx_refsource_SECUNIA
    http://secunia.com/advisories/24584 third-party-advisoryx_refsource_SECUNIA
    http://www.securityfocus.com/bid/23138 vdb-entryx_refsource_BID
    http://www.gentoo.org/security/en/glsa/glsa-20070… vendor-advisoryx_refsource_GENTOO
    http://secunia.com/advisories/24661 third-party-advisoryx_refsource_SECUNIA
    https://issues.rpath.com/browse/RPL-1170 x_refsource_CONFIRM
    http://www.vupen.com/english/advisories/2007/1059 vdb-entryx_refsource_VUPEN
    http://www.novell.com/linux/security/advisories/2… vendor-advisoryx_refsource_SUSE
    http://www.ubuntu.com/usn/usn-438-1 vendor-advisoryx_refsource_UBUNTU
    http://www.mandriva.com/security/advisories?name=… vendor-advisoryx_refsource_MANDRIVA
    http://www.securityfocus.com/archive/1/463710/100… mailing-listx_refsource_BUGTRAQ
    http://secunia.com/advisories/25072 third-party-advisoryx_refsource_SECUNIA
    http://sourceforge.net/project/shownotes.php?grou… x_refsource_CONFIRM
    http://www.securityfocus.com/bid/23070 vdb-entryx_refsource_BID
    Date Public
    2007-03-20 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-07T12:59:08.098Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "inkscape-dialogs-format-string(33163)",
                "tags": [
                  "vdb-entry",
                  "x_refsource_XF",
                  "x_transferred"
                ],
                "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/33163"
              },
              {
                "name": "24859",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
                  "x_transferred"
                ],
                "url": "http://secunia.com/advisories/24859"
              },
              {
                "name": "24615",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
                  "x_transferred"
                ],
                "url": "http://secunia.com/advisories/24615"
              },
              {
                "name": "24597",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
                  "x_transferred"
                ],
                "url": "http://secunia.com/advisories/24597"
              },
              {
                "name": "24584",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
                  "x_transferred"
                ],
                "url": "http://secunia.com/advisories/24584"
              },
              {
                "name": "23138",
                "tags": [
                  "vdb-entry",
                  "x_refsource_BID",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/23138"
              },
              {
                "name": "GLSA-200704-10",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_GENTOO",
                  "x_transferred"
                ],
                "url": "http://www.gentoo.org/security/en/glsa/glsa-200704-10.xml"
              },
              {
                "name": "24661",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
                  "x_transferred"
                ],
                "url": "http://secunia.com/advisories/24661"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://issues.rpath.com/browse/RPL-1170"
              },
              {
                "name": "ADV-2007-1059",
                "tags": [
                  "vdb-entry",
                  "x_refsource_VUPEN",
                  "x_transferred"
                ],
                "url": "http://www.vupen.com/english/advisories/2007/1059"
              },
              {
                "name": "SUSE-SR:2007:008",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_SUSE",
                  "x_transferred"
                ],
                "url": "http://www.novell.com/linux/security/advisories/2007_8_sr.html"
              },
              {
                "name": "USN-438-1",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_UBUNTU",
                  "x_transferred"
                ],
                "url": "http://www.ubuntu.com/usn/usn-438-1"
              },
              {
                "name": "MDKSA-2007:069",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_MANDRIVA",
                  "x_transferred"
                ],
                "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2007:069"
              },
              {
                "name": "20070324 FLEA-2007-0002-1: inkscape",
                "tags": [
                  "mailing-list",
                  "x_refsource_BUGTRAQ",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/archive/1/463710/100/0/threaded"
              },
              {
                "name": "25072",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
                  "x_transferred"
                ],
                "url": "http://secunia.com/advisories/25072"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://sourceforge.net/project/shownotes.php?group_id=93438\u0026release_id=495106"
              },
              {
                "name": "23070",
                "tags": [
                  "vdb-entry",
                  "x_refsource_BID",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/23070"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2007-03-20T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "Format string vulnerability in Inkscape before 0.45.1 allows user-assisted remote attackers to execute arbitrary code via format string specifiers in a URI, which is not properly handled by certain dialogs."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2018-10-16T14:57:01.000Z",
            "orgId": "cc1ad9ee-3454-478d-9317-d3e869d708bc",
            "shortName": "canonical"
          },
          "references": [
            {
              "name": "inkscape-dialogs-format-string(33163)",
              "tags": [
                "vdb-entry",
                "x_refsource_XF"
              ],
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/33163"
            },
            {
              "name": "24859",
              "tags": [
                "third-party-advisory",
                "x_refsource_SECUNIA"
              ],
              "url": "http://secunia.com/advisories/24859"
            },
            {
              "name": "24615",
              "tags": [
                "third-party-advisory",
                "x_refsource_SECUNIA"
              ],
              "url": "http://secunia.com/advisories/24615"
            },
            {
              "name": "24597",
              "tags": [
                "third-party-advisory",
                "x_refsource_SECUNIA"
              ],
              "url": "http://secunia.com/advisories/24597"
            },
            {
              "name": "24584",
              "tags": [
                "third-party-advisory",
                "x_refsource_SECUNIA"
              ],
              "url": "http://secunia.com/advisories/24584"
            },
            {
              "name": "23138",
              "tags": [
                "vdb-entry",
                "x_refsource_BID"
              ],
              "url": "http://www.securityfocus.com/bid/23138"
            },
            {
              "name": "GLSA-200704-10",
              "tags": [
                "vendor-advisory",
                "x_refsource_GENTOO"
              ],
              "url": "http://www.gentoo.org/security/en/glsa/glsa-200704-10.xml"
            },
            {
              "name": "24661",
              "tags": [
                "third-party-advisory",
                "x_refsource_SECUNIA"
              ],
              "url": "http://secunia.com/advisories/24661"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://issues.rpath.com/browse/RPL-1170"
            },
            {
              "name": "ADV-2007-1059",
              "tags": [
                "vdb-entry",
                "x_refsource_VUPEN"
              ],
              "url": "http://www.vupen.com/english/advisories/2007/1059"
            },
            {
              "name": "SUSE-SR:2007:008",
              "tags": [
                "vendor-advisory",
                "x_refsource_SUSE"
              ],
              "url": "http://www.novell.com/linux/security/advisories/2007_8_sr.html"
            },
            {
              "name": "USN-438-1",
              "tags": [
                "vendor-advisory",
                "x_refsource_UBUNTU"
              ],
              "url": "http://www.ubuntu.com/usn/usn-438-1"
            },
            {
              "name": "MDKSA-2007:069",
              "tags": [
                "vendor-advisory",
                "x_refsource_MANDRIVA"
              ],
              "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2007:069"
            },
            {
              "name": "20070324 FLEA-2007-0002-1: inkscape",
              "tags": [
                "mailing-list",
                "x_refsource_BUGTRAQ"
              ],
              "url": "http://www.securityfocus.com/archive/1/463710/100/0/threaded"
            },
            {
              "name": "25072",
              "tags": [
                "third-party-advisory",
                "x_refsource_SECUNIA"
              ],
              "url": "http://secunia.com/advisories/25072"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://sourceforge.net/project/shownotes.php?group_id=93438\u0026release_id=495106"
            },
            {
              "name": "23070",
              "tags": [
                "vdb-entry",
                "x_refsource_BID"
              ],
              "url": "http://www.securityfocus.com/bid/23070"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "security@ubuntu.com",
              "ID": "CVE-2007-1463",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Format string vulnerability in Inkscape before 0.45.1 allows user-assisted remote attackers to execute arbitrary code via format string specifiers in a URI, which is not properly handled by certain dialogs."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "inkscape-dialogs-format-string(33163)",
                  "refsource": "XF",
                  "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/33163"
                },
                {
                  "name": "24859",
                  "refsource": "SECUNIA",
                  "url": "http://secunia.com/advisories/24859"
                },
                {
                  "name": "24615",
                  "refsource": "SECUNIA",
                  "url": "http://secunia.com/advisories/24615"
                },
                {
                  "name": "24597",
                  "refsource": "SECUNIA",
                  "url": "http://secunia.com/advisories/24597"
                },
                {
                  "name": "24584",
                  "refsource": "SECUNIA",
                  "url": "http://secunia.com/advisories/24584"
                },
                {
                  "name": "23138",
                  "refsource": "BID",
                  "url": "http://www.securityfocus.com/bid/23138"
                },
                {
                  "name": "GLSA-200704-10",
                  "refsource": "GENTOO",
                  "url": "http://www.gentoo.org/security/en/glsa/glsa-200704-10.xml"
                },
                {
                  "name": "24661",
                  "refsource": "SECUNIA",
                  "url": "http://secunia.com/advisories/24661"
                },
                {
                  "name": "https://issues.rpath.com/browse/RPL-1170",
                  "refsource": "CONFIRM",
                  "url": "https://issues.rpath.com/browse/RPL-1170"
                },
                {
                  "name": "ADV-2007-1059",
                  "refsource": "VUPEN",
                  "url": "http://www.vupen.com/english/advisories/2007/1059"
                },
                {
                  "name": "SUSE-SR:2007:008",
                  "refsource": "SUSE",
                  "url": "http://www.novell.com/linux/security/advisories/2007_8_sr.html"
                },
                {
                  "name": "USN-438-1",
                  "refsource": "UBUNTU",
                  "url": "http://www.ubuntu.com/usn/usn-438-1"
                },
                {
                  "name": "MDKSA-2007:069",
                  "refsource": "MANDRIVA",
                  "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2007:069"
                },
                {
                  "name": "20070324 FLEA-2007-0002-1: inkscape",
                  "refsource": "BUGTRAQ",
                  "url": "http://www.securityfocus.com/archive/1/463710/100/0/threaded"
                },
                {
                  "name": "25072",
                  "refsource": "SECUNIA",
                  "url": "http://secunia.com/advisories/25072"
                },
                {
                  "name": "http://sourceforge.net/project/shownotes.php?group_id=93438\u0026release_id=495106",
                  "refsource": "CONFIRM",
                  "url": "http://sourceforge.net/project/shownotes.php?group_id=93438\u0026release_id=495106"
                },
                {
                  "name": "23070",
                  "refsource": "BID",
                  "url": "http://www.securityfocus.com/bid/23070"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "cc1ad9ee-3454-478d-9317-d3e869d708bc",
        "assignerShortName": "canonical",
        "cveId": "CVE-2007-1463",
        "datePublished": "2007-03-21T19:00:00.000Z",
        "dateReserved": "2007-03-15T00:00:00.000Z",
        "dateUpdated": "2024-08-07T12:59:08.098Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2007-1464 (GCVE-0-2007-1464)

    Vulnerability from nvd – Published: 2007-03-21 19:00 – Updated: 2024-08-07 12:59
    VLAI
    Summary
    Format string vulnerability in the whiteboard Jabber protocol in Inkscape before 0.45.1 allows user-assisted remote attackers to execute arbitrary code via unspecified vectors.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    References
    URL Tags
    https://exchange.xforce.ibmcloud.com/vulnerabilit… vdb-entryx_refsource_XF
    http://secunia.com/advisories/24859 third-party-advisoryx_refsource_SECUNIA
    http://secunia.com/advisories/24615 third-party-advisoryx_refsource_SECUNIA
    http://www.securityfocus.com/bid/23138 vdb-entryx_refsource_BID
    http://www.gentoo.org/security/en/glsa/glsa-20070… vendor-advisoryx_refsource_GENTOO
    http://secunia.com/advisories/24661 third-party-advisoryx_refsource_SECUNIA
    https://issues.rpath.com/browse/RPL-1170 x_refsource_CONFIRM
    http://www.vupen.com/english/advisories/2007/1059 vdb-entryx_refsource_VUPEN
    http://www.novell.com/linux/security/advisories/2… vendor-advisoryx_refsource_SUSE
    http://www.securityfocus.com/archive/1/463710/100… mailing-listx_refsource_BUGTRAQ
    http://secunia.com/advisories/25072 third-party-advisoryx_refsource_SECUNIA
    http://sourceforge.net/project/shownotes.php?grou… x_refsource_CONFIRM
    Date Public
    2007-03-20 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-07T12:59:08.354Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "inkscape-jabber-format-string(33164)",
                "tags": [
                  "vdb-entry",
                  "x_refsource_XF",
                  "x_transferred"
                ],
                "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/33164"
              },
              {
                "name": "24859",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
                  "x_transferred"
                ],
                "url": "http://secunia.com/advisories/24859"
              },
              {
                "name": "24615",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
                  "x_transferred"
                ],
                "url": "http://secunia.com/advisories/24615"
              },
              {
                "name": "23138",
                "tags": [
                  "vdb-entry",
                  "x_refsource_BID",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/23138"
              },
              {
                "name": "GLSA-200704-10",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_GENTOO",
                  "x_transferred"
                ],
                "url": "http://www.gentoo.org/security/en/glsa/glsa-200704-10.xml"
              },
              {
                "name": "24661",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
                  "x_transferred"
                ],
                "url": "http://secunia.com/advisories/24661"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://issues.rpath.com/browse/RPL-1170"
              },
              {
                "name": "ADV-2007-1059",
                "tags": [
                  "vdb-entry",
                  "x_refsource_VUPEN",
                  "x_transferred"
                ],
                "url": "http://www.vupen.com/english/advisories/2007/1059"
              },
              {
                "name": "SUSE-SR:2007:008",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_SUSE",
                  "x_transferred"
                ],
                "url": "http://www.novell.com/linux/security/advisories/2007_8_sr.html"
              },
              {
                "name": "20070324 FLEA-2007-0002-1: inkscape",
                "tags": [
                  "mailing-list",
                  "x_refsource_BUGTRAQ",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/archive/1/463710/100/0/threaded"
              },
              {
                "name": "25072",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
                  "x_transferred"
                ],
                "url": "http://secunia.com/advisories/25072"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://sourceforge.net/project/shownotes.php?group_id=93438\u0026release_id=495106"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2007-03-20T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "Format string vulnerability in the whiteboard Jabber protocol in Inkscape before 0.45.1 allows user-assisted remote attackers to execute arbitrary code via unspecified vectors."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2018-10-16T14:57:01.000Z",
            "orgId": "cc1ad9ee-3454-478d-9317-d3e869d708bc",
            "shortName": "canonical"
          },
          "references": [
            {
              "name": "inkscape-jabber-format-string(33164)",
              "tags": [
                "vdb-entry",
                "x_refsource_XF"
              ],
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/33164"
            },
            {
              "name": "24859",
              "tags": [
                "third-party-advisory",
                "x_refsource_SECUNIA"
              ],
              "url": "http://secunia.com/advisories/24859"
            },
            {
              "name": "24615",
              "tags": [
                "third-party-advisory",
                "x_refsource_SECUNIA"
              ],
              "url": "http://secunia.com/advisories/24615"
            },
            {
              "name": "23138",
              "tags": [
                "vdb-entry",
                "x_refsource_BID"
              ],
              "url": "http://www.securityfocus.com/bid/23138"
            },
            {
              "name": "GLSA-200704-10",
              "tags": [
                "vendor-advisory",
                "x_refsource_GENTOO"
              ],
              "url": "http://www.gentoo.org/security/en/glsa/glsa-200704-10.xml"
            },
            {
              "name": "24661",
              "tags": [
                "third-party-advisory",
                "x_refsource_SECUNIA"
              ],
              "url": "http://secunia.com/advisories/24661"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://issues.rpath.com/browse/RPL-1170"
            },
            {
              "name": "ADV-2007-1059",
              "tags": [
                "vdb-entry",
                "x_refsource_VUPEN"
              ],
              "url": "http://www.vupen.com/english/advisories/2007/1059"
            },
            {
              "name": "SUSE-SR:2007:008",
              "tags": [
                "vendor-advisory",
                "x_refsource_SUSE"
              ],
              "url": "http://www.novell.com/linux/security/advisories/2007_8_sr.html"
            },
            {
              "name": "20070324 FLEA-2007-0002-1: inkscape",
              "tags": [
                "mailing-list",
                "x_refsource_BUGTRAQ"
              ],
              "url": "http://www.securityfocus.com/archive/1/463710/100/0/threaded"
            },
            {
              "name": "25072",
              "tags": [
                "third-party-advisory",
                "x_refsource_SECUNIA"
              ],
              "url": "http://secunia.com/advisories/25072"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://sourceforge.net/project/shownotes.php?group_id=93438\u0026release_id=495106"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "security@ubuntu.com",
              "ID": "CVE-2007-1464",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Format string vulnerability in the whiteboard Jabber protocol in Inkscape before 0.45.1 allows user-assisted remote attackers to execute arbitrary code via unspecified vectors."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "inkscape-jabber-format-string(33164)",
                  "refsource": "XF",
                  "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/33164"
                },
                {
                  "name": "24859",
                  "refsource": "SECUNIA",
                  "url": "http://secunia.com/advisories/24859"
                },
                {
                  "name": "24615",
                  "refsource": "SECUNIA",
                  "url": "http://secunia.com/advisories/24615"
                },
                {
                  "name": "23138",
                  "refsource": "BID",
                  "url": "http://www.securityfocus.com/bid/23138"
                },
                {
                  "name": "GLSA-200704-10",
                  "refsource": "GENTOO",
                  "url": "http://www.gentoo.org/security/en/glsa/glsa-200704-10.xml"
                },
                {
                  "name": "24661",
                  "refsource": "SECUNIA",
                  "url": "http://secunia.com/advisories/24661"
                },
                {
                  "name": "https://issues.rpath.com/browse/RPL-1170",
                  "refsource": "CONFIRM",
                  "url": "https://issues.rpath.com/browse/RPL-1170"
                },
                {
                  "name": "ADV-2007-1059",
                  "refsource": "VUPEN",
                  "url": "http://www.vupen.com/english/advisories/2007/1059"
                },
                {
                  "name": "SUSE-SR:2007:008",
                  "refsource": "SUSE",
                  "url": "http://www.novell.com/linux/security/advisories/2007_8_sr.html"
                },
                {
                  "name": "20070324 FLEA-2007-0002-1: inkscape",
                  "refsource": "BUGTRAQ",
                  "url": "http://www.securityfocus.com/archive/1/463710/100/0/threaded"
                },
                {
                  "name": "25072",
                  "refsource": "SECUNIA",
                  "url": "http://secunia.com/advisories/25072"
                },
                {
                  "name": "http://sourceforge.net/project/shownotes.php?group_id=93438\u0026release_id=495106",
                  "refsource": "CONFIRM",
                  "url": "http://sourceforge.net/project/shownotes.php?group_id=93438\u0026release_id=495106"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "cc1ad9ee-3454-478d-9317-d3e869d708bc",
        "assignerShortName": "canonical",
        "cveId": "CVE-2007-1464",
        "datePublished": "2007-03-21T19:00:00.000Z",
        "dateReserved": "2007-03-15T00:00:00.000Z",
        "dateUpdated": "2024-08-07T12:59:08.354Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2005-3885 (GCVE-0-2005-3885)

    Vulnerability from nvd – Published: 2005-11-29 19:00 – Updated: 2024-08-07 23:24
    VLAI
    Summary
    The ps2epsi extension shell script (ps2epsi.sh) in Inkscape before 0.41 allows local users to overwrite arbitrary files via a symlink attack on the tmpepsifile.epsi temporary file.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    References
    URL Tags
    http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=321501 x_refsource_CONFIRM
    http://secunia.com/advisories/17882 third-party-advisoryx_refsource_SECUNIA
    http://secunia.com/advisories/16343 third-party-advisoryx_refsource_SECUNIA
    https://usn.ubuntu.com/223-1/ vendor-advisoryx_refsource_UBUNTU
    http://secunia.com/advisories/17886 third-party-advisoryx_refsource_SECUNIA
    http://www.debian.org/security/2005/dsa-916 vendor-advisoryx_refsource_DEBIAN
    http://www.securityfocus.com/bid/14522 vdb-entryx_refsource_BID
    Date Public
    2005-08-09 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-07T23:24:36.519Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=321501"
              },
              {
                "name": "17882",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
                  "x_transferred"
                ],
                "url": "http://secunia.com/advisories/17882"
              },
              {
                "name": "16343",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
                  "x_transferred"
                ],
                "url": "http://secunia.com/advisories/16343"
              },
              {
                "name": "USN-223-1",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_UBUNTU",
                  "x_transferred"
                ],
                "url": "https://usn.ubuntu.com/223-1/"
              },
              {
                "name": "17886",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
                  "x_transferred"
                ],
                "url": "http://secunia.com/advisories/17886"
              },
              {
                "name": "DSA-916",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_DEBIAN",
                  "x_transferred"
                ],
                "url": "http://www.debian.org/security/2005/dsa-916"
              },
              {
                "name": "14522",
                "tags": [
                  "vdb-entry",
                  "x_refsource_BID",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/14522"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2005-08-09T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "The ps2epsi extension shell script (ps2epsi.sh) in Inkscape before 0.41 allows local users to overwrite arbitrary files via a symlink attack on the tmpepsifile.epsi temporary file."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2018-10-03T20:57:01.000Z",
            "orgId": "79363d38-fa19-49d1-9214-5f28da3f3ac5",
            "shortName": "debian"
          },
          "references": [
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=321501"
            },
            {
              "name": "17882",
              "tags": [
                "third-party-advisory",
                "x_refsource_SECUNIA"
              ],
              "url": "http://secunia.com/advisories/17882"
            },
            {
              "name": "16343",
              "tags": [
                "third-party-advisory",
                "x_refsource_SECUNIA"
              ],
              "url": "http://secunia.com/advisories/16343"
            },
            {
              "name": "USN-223-1",
              "tags": [
                "vendor-advisory",
                "x_refsource_UBUNTU"
              ],
              "url": "https://usn.ubuntu.com/223-1/"
            },
            {
              "name": "17886",
              "tags": [
                "third-party-advisory",
                "x_refsource_SECUNIA"
              ],
              "url": "http://secunia.com/advisories/17886"
            },
            {
              "name": "DSA-916",
              "tags": [
                "vendor-advisory",
                "x_refsource_DEBIAN"
              ],
              "url": "http://www.debian.org/security/2005/dsa-916"
            },
            {
              "name": "14522",
              "tags": [
                "vdb-entry",
                "x_refsource_BID"
              ],
              "url": "http://www.securityfocus.com/bid/14522"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "security@debian.org",
              "ID": "CVE-2005-3885",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "The ps2epsi extension shell script (ps2epsi.sh) in Inkscape before 0.41 allows local users to overwrite arbitrary files via a symlink attack on the tmpepsifile.epsi temporary file."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=321501",
                  "refsource": "CONFIRM",
                  "url": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=321501"
                },
                {
                  "name": "17882",
                  "refsource": "SECUNIA",
                  "url": "http://secunia.com/advisories/17882"
                },
                {
                  "name": "16343",
                  "refsource": "SECUNIA",
                  "url": "http://secunia.com/advisories/16343"
                },
                {
                  "name": "USN-223-1",
                  "refsource": "UBUNTU",
                  "url": "https://usn.ubuntu.com/223-1/"
                },
                {
                  "name": "17886",
                  "refsource": "SECUNIA",
                  "url": "http://secunia.com/advisories/17886"
                },
                {
                  "name": "DSA-916",
                  "refsource": "DEBIAN",
                  "url": "http://www.debian.org/security/2005/dsa-916"
                },
                {
                  "name": "14522",
                  "refsource": "BID",
                  "url": "http://www.securityfocus.com/bid/14522"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "79363d38-fa19-49d1-9214-5f28da3f3ac5",
        "assignerShortName": "debian",
        "cveId": "CVE-2005-3885",
        "datePublished": "2005-11-29T19:00:00.000Z",
        "dateReserved": "2005-11-29T00:00:00.000Z",
        "dateUpdated": "2024-08-07T23:24:36.519Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2005-3737 (GCVE-0-2005-3737)

    Vulnerability from nvd – Published: 2005-11-22 00:00 – Updated: 2024-08-07 23:24
    VLAI
    Summary
    Buffer overflow in the SVG importer (style.cpp) of inkscape 0.41 through 0.42.2 might allow remote attackers to execute arbitrary code via a SVG file with long CSS style property values.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    References
    URL Tags
    http://www.gentoo.org/security/en/glsa/glsa-20051… vendor-advisoryx_refsource_GENTOO
    http://www.novell.com/linux/security/advisories/2… vendor-advisoryx_refsource_SUSE
    http://secunia.com/advisories/17778 third-party-advisoryx_refsource_SECUNIA
    http://secunia.com/advisories/17651 third-party-advisoryx_refsource_SECUNIA
    http://www.ubuntulinux.org/usn/usn-217-1 vendor-advisoryx_refsource_UBUNTU
    http://www.securityfocus.com/bid/15507 vdb-entryx_refsource_BID
    http://secunia.com/advisories/17882 third-party-advisoryx_refsource_SECUNIA
    http://cvs.sourceforge.net/viewcvs.py/inkscape/in… x_refsource_CONFIRM
    http://www.vupen.com/english/advisories/2005/2511 vdb-entryx_refsource_VUPEN
    http://www.debian.org/security/2005/dsa-916 vendor-advisoryx_refsource_DEBIAN
    http://securityreason.com/securityalert/58 third-party-advisoryx_refsource_SREASON
    http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=330894 x_refsource_MISC
    http://secunia.com/advisories/17662 third-party-advisoryx_refsource_SECUNIA
    Date Public
    2005-11-19 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-07T23:24:36.448Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "GLSA-200511-22",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_GENTOO",
                  "x_transferred"
                ],
                "url": "http://www.gentoo.org/security/en/glsa/glsa-200511-22.xml"
              },
              {
                "name": "SUSE-SR:2005:028",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_SUSE",
                  "x_transferred"
                ],
                "url": "http://www.novell.com/linux/security/advisories/2005_28_sr.html"
              },
              {
                "name": "17778",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
                  "x_transferred"
                ],
                "url": "http://secunia.com/advisories/17778"
              },
              {
                "name": "17651",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
                  "x_transferred"
                ],
                "url": "http://secunia.com/advisories/17651"
              },
              {
                "name": "USN-217-1",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_UBUNTU",
                  "x_transferred"
                ],
                "url": "http://www.ubuntulinux.org/usn/usn-217-1"
              },
              {
                "name": "15507",
                "tags": [
                  "vdb-entry",
                  "x_refsource_BID",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/15507"
              },
              {
                "name": "17882",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
                  "x_transferred"
                ],
                "url": "http://secunia.com/advisories/17882"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://cvs.sourceforge.net/viewcvs.py/inkscape/inkscape/src/style.cpp?r1=1.110\u0026r2=1.110.2.1"
              },
              {
                "name": "ADV-2005-2511",
                "tags": [
                  "vdb-entry",
                  "x_refsource_VUPEN",
                  "x_transferred"
                ],
                "url": "http://www.vupen.com/english/advisories/2005/2511"
              },
              {
                "name": "DSA-916",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_DEBIAN",
                  "x_transferred"
                ],
                "url": "http://www.debian.org/security/2005/dsa-916"
              },
              {
                "name": "58",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SREASON",
                  "x_transferred"
                ],
                "url": "http://securityreason.com/securityalert/58"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=330894"
              },
              {
                "name": "17662",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
                  "x_transferred"
                ],
                "url": "http://secunia.com/advisories/17662"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2005-11-19T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "Buffer overflow in the SVG importer (style.cpp) of inkscape 0.41 through 0.42.2 might allow remote attackers to execute arbitrary code via a SVG file with long CSS style property values."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2005-11-30T10:00:00.000Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "name": "GLSA-200511-22",
              "tags": [
                "vendor-advisory",
                "x_refsource_GENTOO"
              ],
              "url": "http://www.gentoo.org/security/en/glsa/glsa-200511-22.xml"
            },
            {
              "name": "SUSE-SR:2005:028",
              "tags": [
                "vendor-advisory",
                "x_refsource_SUSE"
              ],
              "url": "http://www.novell.com/linux/security/advisories/2005_28_sr.html"
            },
            {
              "name": "17778",
              "tags": [
                "third-party-advisory",
                "x_refsource_SECUNIA"
              ],
              "url": "http://secunia.com/advisories/17778"
            },
            {
              "name": "17651",
              "tags": [
                "third-party-advisory",
                "x_refsource_SECUNIA"
              ],
              "url": "http://secunia.com/advisories/17651"
            },
            {
              "name": "USN-217-1",
              "tags": [
                "vendor-advisory",
                "x_refsource_UBUNTU"
              ],
              "url": "http://www.ubuntulinux.org/usn/usn-217-1"
            },
            {
              "name": "15507",
              "tags": [
                "vdb-entry",
                "x_refsource_BID"
              ],
              "url": "http://www.securityfocus.com/bid/15507"
            },
            {
              "name": "17882",
              "tags": [
                "third-party-advisory",
                "x_refsource_SECUNIA"
              ],
              "url": "http://secunia.com/advisories/17882"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://cvs.sourceforge.net/viewcvs.py/inkscape/inkscape/src/style.cpp?r1=1.110\u0026r2=1.110.2.1"
            },
            {
              "name": "ADV-2005-2511",
              "tags": [
                "vdb-entry",
                "x_refsource_VUPEN"
              ],
              "url": "http://www.vupen.com/english/advisories/2005/2511"
            },
            {
              "name": "DSA-916",
              "tags": [
                "vendor-advisory",
                "x_refsource_DEBIAN"
              ],
              "url": "http://www.debian.org/security/2005/dsa-916"
            },
            {
              "name": "58",
              "tags": [
                "third-party-advisory",
                "x_refsource_SREASON"
              ],
              "url": "http://securityreason.com/securityalert/58"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=330894"
            },
            {
              "name": "17662",
              "tags": [
                "third-party-advisory",
                "x_refsource_SECUNIA"
              ],
              "url": "http://secunia.com/advisories/17662"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cve@mitre.org",
              "ID": "CVE-2005-3737",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Buffer overflow in the SVG importer (style.cpp) of inkscape 0.41 through 0.42.2 might allow remote attackers to execute arbitrary code via a SVG file with long CSS style property values."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "GLSA-200511-22",
                  "refsource": "GENTOO",
                  "url": "http://www.gentoo.org/security/en/glsa/glsa-200511-22.xml"
                },
                {
                  "name": "SUSE-SR:2005:028",
                  "refsource": "SUSE",
                  "url": "http://www.novell.com/linux/security/advisories/2005_28_sr.html"
                },
                {
                  "name": "17778",
                  "refsource": "SECUNIA",
                  "url": "http://secunia.com/advisories/17778"
                },
                {
                  "name": "17651",
                  "refsource": "SECUNIA",
                  "url": "http://secunia.com/advisories/17651"
                },
                {
                  "name": "USN-217-1",
                  "refsource": "UBUNTU",
                  "url": "http://www.ubuntulinux.org/usn/usn-217-1"
                },
                {
                  "name": "15507",
                  "refsource": "BID",
                  "url": "http://www.securityfocus.com/bid/15507"
                },
                {
                  "name": "17882",
                  "refsource": "SECUNIA",
                  "url": "http://secunia.com/advisories/17882"
                },
                {
                  "name": "http://cvs.sourceforge.net/viewcvs.py/inkscape/inkscape/src/style.cpp?r1=1.110\u0026r2=1.110.2.1",
                  "refsource": "CONFIRM",
                  "url": "http://cvs.sourceforge.net/viewcvs.py/inkscape/inkscape/src/style.cpp?r1=1.110\u0026r2=1.110.2.1"
                },
                {
                  "name": "ADV-2005-2511",
                  "refsource": "VUPEN",
                  "url": "http://www.vupen.com/english/advisories/2005/2511"
                },
                {
                  "name": "DSA-916",
                  "refsource": "DEBIAN",
                  "url": "http://www.debian.org/security/2005/dsa-916"
                },
                {
                  "name": "58",
                  "refsource": "SREASON",
                  "url": "http://securityreason.com/securityalert/58"
                },
                {
                  "name": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=330894",
                  "refsource": "MISC",
                  "url": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=330894"
                },
                {
                  "name": "17662",
                  "refsource": "SECUNIA",
                  "url": "http://secunia.com/advisories/17662"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2005-3737",
        "datePublished": "2005-11-22T00:00:00.000Z",
        "dateReserved": "2005-11-21T00:00:00.000Z",
        "dateUpdated": "2024-08-07T23:24:36.448Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2026-4980 (GCVE-0-2026-4980)

    Vulnerability from cvelistv5 – Published: 2026-03-27 14:50 – Updated: 2026-04-06 19:48
    VLAI
    Title
    Improper Restriction of XML External Entity Reference in Inkscape
    Summary
    A local file disclosure vulnerability in the XInclude processing component of Inkscape 1.1 before 1.3 allows a remote attacker to read local files via a crafted SVG file containing malicious xi:include tags.
    SSVC
    Exploitation: poc Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-611 - Improper Restriction of XML External Entity Reference
    Assigner
    Impacted products
    Vendor Product Version
    Inkscape Inkscape Affected: 1.1 , < 1.3 (semver)
    Create a notification for this product.
    Credits
    VK (previously elttam) https://github.com/me0wday
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-4980",
                    "options": [
                      {
                        "Exploitation": "poc"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-03-27T15:12:52.453006Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-04-06T19:48:25.588Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "Inkscape",
              "vendor": "Inkscape",
              "versions": [
                {
                  "lessThan": "1.3",
                  "status": "affected",
                  "version": "1.1",
                  "versionType": "semver"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "finder",
              "value": "VK (previously elttam) https://github.com/me0wday"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "A local file disclosure vulnerability in the XInclude processing component of Inkscape 1.1 before 1.3 allows a remote attacker to read local files via a crafted SVG file containing malicious xi:include tags."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "LOCAL",
                "availabilityImpact": "NONE",
                "baseScore": 6.3,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "NONE",
                "privilegesRequired": "NONE",
                "scope": "CHANGED",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:N/A:N",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-611",
                  "description": "CWE-611: Improper Restriction of XML External Entity Reference",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-03-27T14:50:48.271Z",
            "orgId": "ceab7361-8a18-47b1-92ba-4d7d25f6715a",
            "shortName": "GitLab"
          },
          "references": [
            {
              "url": "https://gitlab.com/inkscape/inkscape/-/work_items/3557"
            },
            {
              "url": "https://gitlab.com/inkscape/inkscape/-/merge_requests/5269"
            }
          ],
          "solutions": [
            {
              "lang": "en",
              "value": "Upgrade to version 1.3 or above"
            }
          ],
          "title": "Improper Restriction of XML External Entity Reference in Inkscape"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "ceab7361-8a18-47b1-92ba-4d7d25f6715a",
        "assignerShortName": "GitLab",
        "cveId": "CVE-2026-4980",
        "datePublished": "2026-03-27T14:50:48.271Z",
        "dateReserved": "2026-03-27T11:18:24.287Z",
        "dateUpdated": "2026-04-06T19:48:25.588Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2025-15523 (GCVE-0-2025-15523)

    Vulnerability from cvelistv5 – Published: 2026-01-22 14:45 – Updated: 2026-01-22 15:05 X_Open Source
    VLAI
    Title
    TCC Bypass via Inherited Permissions in Bundled Interpreter in Inkscape.app
    Summary
    MacOS version of Inkscape bundles a Python interpreter that inherits the Transparency, Consent, and Control (TCC) permissions granted by the user to the main application bundle. An attacker with local user access can invoke this interpreter with arbitrary commands or scripts, leveraging the application's previously granted TCC permissions to access user's files in privacy-protected folders without triggering user prompts. Accessing other resources beyond previously granted TCC permissions will prompt the user for approval in the name of Inkscape, potentially disguising attacker's malicious intent. This issue has been fixed in 1.4.3 version of Inkscape.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-276 - Incorrect Default Permissions
    Assigner
    References
    Impacted products
    Vendor Product Version
    Inkscape Inkscape Affected: 0 , < 1.4.3 (semver)
    Create a notification for this product.
    Date Public
    2026-01-22 13:00
    Credits
    Karol Mazurek and Hubert Decyusz (AFINE Team)
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2025-15523",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-01-22T15:05:02.747583Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-01-22T15:05:37.135Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "platforms": [
                "MacOS"
              ],
              "product": "Inkscape",
              "repo": "https://gitlab.com/inkscape/inkscape",
              "vendor": "Inkscape",
              "versions": [
                {
                  "lessThan": "1.4.3",
                  "status": "affected",
                  "version": "0",
                  "versionType": "semver"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "finder",
              "value": "Karol Mazurek and Hubert Decyusz (AFINE Team)"
            }
          ],
          "datePublic": "2026-01-22T13:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "MacOS version of Inkscape bundles a \u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003ePython\u003c/span\u003e interpreter that inherits the Transparency, Consent, and Control (TCC) permissions\ngranted by the user to the main application bundle. An attacker with local user access can\ninvoke this interpreter with arbitrary commands or scripts, leveraging the\napplication\u0027s previously granted TCC permissions to access user\u0027s files in privacy-protected folders without triggering user prompts. Accessing other resources beyond previously granted TCC permissions will prompt the user for approval in the name of Inkscape, potentially disguising attacker\u0027s malicious intent.\u003cbr\u003e\u003cbr\u003eThis issue has been fixed in 1.4.3 version of Inkscape.\u003cbr\u003e"
                }
              ],
              "value": "MacOS version of Inkscape bundles a Python interpreter that inherits the Transparency, Consent, and Control (TCC) permissions\ngranted by the user to the main application bundle. An attacker with local user access can\ninvoke this interpreter with arbitrary commands or scripts, leveraging the\napplication\u0027s previously granted TCC permissions to access user\u0027s files in privacy-protected folders without triggering user prompts. Accessing other resources beyond previously granted TCC permissions will prompt the user for approval in the name of Inkscape, potentially disguising attacker\u0027s malicious intent.\n\nThis issue has been fixed in 1.4.3 version of Inkscape."
            }
          ],
          "impacts": [
            {
              "capecId": "CAPEC-122",
              "descriptions": [
                {
                  "lang": "en",
                  "value": "CAPEC-122 Privilege Abuse"
                }
              ]
            }
          ],
          "metrics": [
            {
              "cvssV4_0": {
                "Automatable": "NOT_DEFINED",
                "Recovery": "NOT_DEFINED",
                "Safety": "NOT_DEFINED",
                "attackComplexity": "LOW",
                "attackRequirements": "NONE",
                "attackVector": "LOCAL",
                "baseScore": 4.8,
                "baseSeverity": "MEDIUM",
                "privilegesRequired": "LOW",
                "providerUrgency": "NOT_DEFINED",
                "subAvailabilityImpact": "NONE",
                "subConfidentialityImpact": "NONE",
                "subIntegrityImpact": "NONE",
                "userInteraction": "NONE",
                "valueDensity": "NOT_DEFINED",
                "vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N",
                "version": "4.0",
                "vulnAvailabilityImpact": "NONE",
                "vulnConfidentialityImpact": "LOW",
                "vulnIntegrityImpact": "LOW",
                "vulnerabilityResponseEffort": "NOT_DEFINED"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-276",
                  "description": "CWE-276 Incorrect Default Permissions",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-01-22T14:45:26.404Z",
            "orgId": "4bb8329e-dd38-46c1-aafb-9bf32bcb93c6",
            "shortName": "CERT-PL"
          },
          "references": [
            {
              "tags": [
                "product"
              ],
              "url": "https://inkscape.org/"
            },
            {
              "tags": [
                "third-party-advisory"
              ],
              "url": "https://cert.pl/en/posts/2026/01/CVE-2025-15523/"
            }
          ],
          "source": {
            "discovery": "EXTERNAL"
          },
          "tags": [
            "x_open-source"
          ],
          "title": "TCC Bypass via Inherited Permissions in Bundled Interpreter in Inkscape.app",
          "x_generator": {
            "engine": "Vulnogram 0.2.0"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "4bb8329e-dd38-46c1-aafb-9bf32bcb93c6",
        "assignerShortName": "CERT-PL",
        "cveId": "CVE-2025-15523",
        "datePublished": "2026-01-22T14:45:26.404Z",
        "dateReserved": "2026-01-14T17:14:05.617Z",
        "dateUpdated": "2026-01-22T15:05:37.135Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2021-42704 (GCVE-0-2021-42704)

    Vulnerability from cvelistv5 – Published: 2022-05-18 16:24 – Updated: 2025-04-16 16:19
    VLAI
    Title
    Inkscape Out-of-bounds Write
    Summary
    Inkscape version 0.91 is vulnerable to an out-of-bounds write, which may allow an attacker to arbitrary execute code.
    SSVC
    Exploitation: poc Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    Assigner
    References
    Impacted products
    Vendor Product Version
    Inkscape Inkscape Affected: 0.91
    Create a notification for this product.
    Date Public
    2022-05-12 00:00
    Credits
    Tran Van Khang – khangkito (VinCSS), working with Trend Micro’s Zero Day Initiative, reported these vulnerabilities to CISA.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-04T03:38:50.053Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://www.cisa.gov/uscert/ics/advisories/icsa-22-132-03"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://www.integraxor.com/scada-animation-graphic-editor-extension-inkscape/"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2021-42704",
                    "options": [
                      {
                        "Exploitation": "poc"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-04-16T15:50:21.272220Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-04-16T16:19:49.455Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Inkscape",
              "vendor": "Inkscape",
              "versions": [
                {
                  "status": "affected",
                  "version": "0.91"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "value": "Tran Van Khang \u2013 khangkito (VinCSS), working with Trend Micro\u2019s Zero Day Initiative, reported these vulnerabilities to CISA."
            }
          ],
          "datePublic": "2022-05-12T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "Inkscape version 0.91 is vulnerable to an out-of-bounds write, which may allow an attacker to arbitrary execute code."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "LOCAL",
                "availabilityImpact": "HIGH",
                "baseScore": 7.8,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
                "version": "3.1"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-787",
                  "description": "CWE-787 Out-of-bounds Write",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2022-06-01T13:59:19.000Z",
            "orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
            "shortName": "icscert"
          },
          "references": [
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://www.cisa.gov/uscert/ics/advisories/icsa-22-132-03"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://www.integraxor.com/scada-animation-graphic-editor-extension-inkscape/"
            }
          ],
          "solutions": [
            {
              "lang": "en",
              "value": "Inkscape has fixed these vulnerabilities and recommends users update to Version Inkscape 1.0 or later."
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "title": "Inkscape Out-of-bounds Write",
          "x_generator": {
            "engine": "Vulnogram 0.0.9"
          },
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "ics-cert@hq.dhs.gov",
              "DATE_PUBLIC": "2022-05-12T21:42:00.000Z",
              "ID": "CVE-2021-42704",
              "STATE": "PUBLIC",
              "TITLE": "Inkscape Out-of-bounds Write"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "Inkscape",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "=",
                                "version_value": "0.91"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "Inkscape"
                  }
                ]
              }
            },
            "credit": [
              {
                "lang": "eng",
                "value": "Tran Van Khang \u2013 khangkito (VinCSS), working with Trend Micro\u2019s Zero Day Initiative, reported these vulnerabilities to CISA."
              }
            ],
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Inkscape version 0.91 is vulnerable to an out-of-bounds write, which may allow an attacker to arbitrary execute code."
                }
              ]
            },
            "generator": {
              "engine": "Vulnogram 0.0.9"
            },
            "impact": {
              "cvss": {
                "attackComplexity": "LOW",
                "attackVector": "LOCAL",
                "availabilityImpact": "HIGH",
                "baseScore": 7.8,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
                "version": "3.1"
              }
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "CWE-787 Out-of-bounds Write"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://www.cisa.gov/uscert/ics/advisories/icsa-22-132-03",
                  "refsource": "CONFIRM",
                  "url": "https://www.cisa.gov/uscert/ics/advisories/icsa-22-132-03"
                },
                {
                  "name": "https://www.integraxor.com/scada-animation-graphic-editor-extension-inkscape/",
                  "refsource": "CONFIRM",
                  "url": "https://www.integraxor.com/scada-animation-graphic-editor-extension-inkscape/"
                }
              ]
            },
            "solution": [
              {
                "lang": "en",
                "value": "Inkscape has fixed these vulnerabilities and recommends users update to Version Inkscape 1.0 or later."
              }
            ],
            "source": {
              "discovery": "UNKNOWN"
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
        "assignerShortName": "icscert",
        "cveId": "CVE-2021-42704",
        "datePublished": "2022-05-18T16:24:51.499Z",
        "dateReserved": "2021-10-18T00:00:00.000Z",
        "dateUpdated": "2025-04-16T16:19:49.455Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2021-42702 (GCVE-0-2021-42702)

    Vulnerability from cvelistv5 – Published: 2022-05-18 16:24 – Updated: 2025-04-16 16:19
    VLAI
    Title
    Inkscape Access of Uninitialized Pointer
    Summary
    Inkscape version 0.91 can access an uninitialized pointer, which may allow an attacker to have access to unauthorized information.
    SSVC
    Exploitation: poc Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-824 - Access of Uninitialized Pointer
    Assigner
    References
    Impacted products
    Vendor Product Version
    Inkscape Inkscape Affected: 0.91
    Create a notification for this product.
    Date Public
    2022-05-12 00:00
    Credits
    Tran Van Khang – khangkito (VinCSS), working with Trend Micro’s Zero Day Initiative, reported these vulnerabilities to CISA.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-04T03:38:50.116Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://www.cisa.gov/uscert/ics/advisories/icsa-22-132-03"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://www.integraxor.com/scada-animation-graphic-editor-extension-inkscape/"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2021-42702",
                    "options": [
                      {
                        "Exploitation": "poc"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-04-16T15:50:02.387916Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-04-16T16:19:56.515Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Inkscape",
              "vendor": "Inkscape",
              "versions": [
                {
                  "status": "affected",
                  "version": "0.91"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "value": "Tran Van Khang \u2013 khangkito (VinCSS), working with Trend Micro\u2019s Zero Day Initiative, reported these vulnerabilities to CISA."
            }
          ],
          "datePublic": "2022-05-12T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "Inkscape version 0.91 can access an uninitialized pointer, which may allow an attacker to have access to unauthorized information."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "LOCAL",
                "availabilityImpact": "NONE",
                "baseScore": 3.3,
                "baseSeverity": "LOW",
                "confidentialityImpact": "LOW",
                "integrityImpact": "NONE",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N",
                "version": "3.1"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-824",
                  "description": "CWE-824 Access of Uninitialized Pointer",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2022-06-01T13:58:43.000Z",
            "orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
            "shortName": "icscert"
          },
          "references": [
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://www.cisa.gov/uscert/ics/advisories/icsa-22-132-03"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://www.integraxor.com/scada-animation-graphic-editor-extension-inkscape/"
            }
          ],
          "solutions": [
            {
              "lang": "en",
              "value": "Inkscape has fixed these vulnerabilities and recommends users update to Version Inkscape 1.0 or later."
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "title": "Inkscape Access of Uninitialized Pointer",
          "x_generator": {
            "engine": "Vulnogram 0.0.9"
          },
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "ics-cert@hq.dhs.gov",
              "DATE_PUBLIC": "2022-05-12T21:42:00.000Z",
              "ID": "CVE-2021-42702",
              "STATE": "PUBLIC",
              "TITLE": "Inkscape Access of Uninitialized Pointer"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "Inkscape",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "=",
                                "version_value": "0.91"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "Inkscape"
                  }
                ]
              }
            },
            "credit": [
              {
                "lang": "eng",
                "value": "Tran Van Khang \u2013 khangkito (VinCSS), working with Trend Micro\u2019s Zero Day Initiative, reported these vulnerabilities to CISA."
              }
            ],
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Inkscape version 0.91 can access an uninitialized pointer, which may allow an attacker to have access to unauthorized information."
                }
              ]
            },
            "generator": {
              "engine": "Vulnogram 0.0.9"
            },
            "impact": {
              "cvss": {
                "attackComplexity": "LOW",
                "attackVector": "LOCAL",
                "availabilityImpact": "NONE",
                "baseScore": 3.3,
                "baseSeverity": "LOW",
                "confidentialityImpact": "LOW",
                "integrityImpact": "NONE",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N",
                "version": "3.1"
              }
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "CWE-824 Access of Uninitialized Pointer"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://www.cisa.gov/uscert/ics/advisories/icsa-22-132-03",
                  "refsource": "CONFIRM",
                  "url": "https://www.cisa.gov/uscert/ics/advisories/icsa-22-132-03"
                },
                {
                  "name": "https://www.integraxor.com/scada-animation-graphic-editor-extension-inkscape/",
                  "refsource": "CONFIRM",
                  "url": "https://www.integraxor.com/scada-animation-graphic-editor-extension-inkscape/"
                }
              ]
            },
            "solution": [
              {
                "lang": "en",
                "value": "Inkscape has fixed these vulnerabilities and recommends users update to Version Inkscape 1.0 or later."
              }
            ],
            "source": {
              "discovery": "UNKNOWN"
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
        "assignerShortName": "icscert",
        "cveId": "CVE-2021-42702",
        "datePublished": "2022-05-18T16:24:13.808Z",
        "dateReserved": "2021-10-18T00:00:00.000Z",
        "dateUpdated": "2025-04-16T16:19:56.515Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2021-42700 (GCVE-0-2021-42700)

    Vulnerability from cvelistv5 – Published: 2022-05-18 16:21 – Updated: 2025-04-16 16:20
    VLAI
    Title
    Inkscape Out-of-bounds Read
    Summary
    Inkscape 0.91 is vulnerable to an out-of-bounds read, which may allow an attacker to have access to unauthorized information.
    SSVC
    Exploitation: poc Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    Assigner
    References
    Impacted products
    Vendor Product Version
    Inkscape Inkscape Affected: 0.91
    Create a notification for this product.
    Date Public
    2022-05-12 00:00
    Credits
    Tran Van Khang – khangkito (VinCSS), working with Trend Micro’s Zero Day Initiative, reported these vulnerabilities to CISA.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-04T03:38:50.033Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://www.cisa.gov/uscert/ics/advisories/icsa-22-132-03"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://www.integraxor.com/scada-animation-graphic-editor-extension-inkscape/"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2021-42700",
                    "options": [
                      {
                        "Exploitation": "poc"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-04-16T15:50:06.913324Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-04-16T16:20:04.931Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Inkscape",
              "vendor": "Inkscape",
              "versions": [
                {
                  "status": "affected",
                  "version": "0.91"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "value": "Tran Van Khang \u2013 khangkito (VinCSS), working with Trend Micro\u2019s Zero Day Initiative, reported these vulnerabilities to CISA."
            }
          ],
          "datePublic": "2022-05-12T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "Inkscape 0.91 is vulnerable to an out-of-bounds read, which may allow an attacker to have access to unauthorized information."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "LOCAL",
                "availabilityImpact": "NONE",
                "baseScore": 3.3,
                "baseSeverity": "LOW",
                "confidentialityImpact": "LOW",
                "integrityImpact": "NONE",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N",
                "version": "3.1"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-125",
                  "description": "CWE-125 Out-of-bounds Read",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2022-06-01T13:58:04.000Z",
            "orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
            "shortName": "icscert"
          },
          "references": [
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://www.cisa.gov/uscert/ics/advisories/icsa-22-132-03"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://www.integraxor.com/scada-animation-graphic-editor-extension-inkscape/"
            }
          ],
          "solutions": [
            {
              "lang": "en",
              "value": "Inkscape has fixed these vulnerabilities and recommends users update to Version Inkscape 1.0 or later."
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "title": "Inkscape Out-of-bounds Read",
          "x_generator": {
            "engine": "Vulnogram 0.0.9"
          },
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "ics-cert@hq.dhs.gov",
              "DATE_PUBLIC": "2022-05-12T21:42:00.000Z",
              "ID": "CVE-2021-42700",
              "STATE": "PUBLIC",
              "TITLE": "Inkscape Out-of-bounds Read"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "Inkscape",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "=",
                                "version_value": "0.91"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "Inkscape"
                  }
                ]
              }
            },
            "credit": [
              {
                "lang": "eng",
                "value": "Tran Van Khang \u2013 khangkito (VinCSS), working with Trend Micro\u2019s Zero Day Initiative, reported these vulnerabilities to CISA."
              }
            ],
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Inkscape 0.91 is vulnerable to an out-of-bounds read, which may allow an attacker to have access to unauthorized information."
                }
              ]
            },
            "generator": {
              "engine": "Vulnogram 0.0.9"
            },
            "impact": {
              "cvss": {
                "attackComplexity": "LOW",
                "attackVector": "LOCAL",
                "availabilityImpact": "NONE",
                "baseScore": 3.3,
                "baseSeverity": "LOW",
                "confidentialityImpact": "LOW",
                "integrityImpact": "NONE",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N",
                "version": "3.1"
              }
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "CWE-125 Out-of-bounds Read"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://www.cisa.gov/uscert/ics/advisories/icsa-22-132-03",
                  "refsource": "CONFIRM",
                  "url": "https://www.cisa.gov/uscert/ics/advisories/icsa-22-132-03"
                },
                {
                  "name": "https://www.integraxor.com/scada-animation-graphic-editor-extension-inkscape/",
                  "refsource": "CONFIRM",
                  "url": "https://www.integraxor.com/scada-animation-graphic-editor-extension-inkscape/"
                }
              ]
            },
            "solution": [
              {
                "lang": "en",
                "value": "Inkscape has fixed these vulnerabilities and recommends users update to Version Inkscape 1.0 or later."
              }
            ],
            "source": {
              "discovery": "UNKNOWN"
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
        "assignerShortName": "icscert",
        "cveId": "CVE-2021-42700",
        "datePublished": "2022-05-18T16:21:40.584Z",
        "dateReserved": "2021-10-18T00:00:00.000Z",
        "dateUpdated": "2025-04-16T16:20:04.931Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2012-6076 (GCVE-0-2012-6076)

    Vulnerability from cvelistv5 – Published: 2013-03-12 21:00 – Updated: 2024-08-06 21:21
    VLAI
    Summary
    Inkscape before 0.48.4 reads .eps files from /tmp instead of the current directory, which might cause Inkspace to process unintended files, allow local users to obtain sensitive information, and possibly have other unspecified impacts.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    References
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-06T21:21:28.354Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "[oss-security] 20121229 Re: Inkscape reads .eps files from /tmp instead of the current directory",
                "tags": [
                  "mailing-list",
                  "x_refsource_MLIST",
                  "x_transferred"
                ],
                "url": "http://www.openwall.com/lists/oss-security/2012/12/30/2"
              },
              {
                "name": "USN-1712-1",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_UBUNTU",
                  "x_transferred"
                ],
                "url": "http://www.ubuntu.com/usn/USN-1712-1"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://bugs.launchpad.net/inkscape/+bug/911146"
              },
              {
                "name": "openSUSE-SU-2013:0294",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_SUSE",
                  "x_transferred"
                ],
                "url": "http://lists.opensuse.org/opensuse-updates/2013-02/msg00041.html"
              },
              {
                "name": "openSUSE-SU-2013:0297",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_SUSE",
                  "x_transferred"
                ],
                "url": "http://lists.opensuse.org/opensuse-updates/2013-02/msg00043.html"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=654341"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "Inkscape before 0.48.4 reads .eps files from /tmp instead of the current directory, which might cause Inkspace to process unintended files, allow local users to obtain sensitive information, and possibly have other unspecified impacts."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2013-03-12T21:00:00.000Z",
            "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
            "shortName": "redhat"
          },
          "references": [
            {
              "name": "[oss-security] 20121229 Re: Inkscape reads .eps files from /tmp instead of the current directory",
              "tags": [
                "mailing-list",
                "x_refsource_MLIST"
              ],
              "url": "http://www.openwall.com/lists/oss-security/2012/12/30/2"
            },
            {
              "name": "USN-1712-1",
              "tags": [
                "vendor-advisory",
                "x_refsource_UBUNTU"
              ],
              "url": "http://www.ubuntu.com/usn/USN-1712-1"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://bugs.launchpad.net/inkscape/+bug/911146"
            },
            {
              "name": "openSUSE-SU-2013:0294",
              "tags": [
                "vendor-advisory",
                "x_refsource_SUSE"
              ],
              "url": "http://lists.opensuse.org/opensuse-updates/2013-02/msg00041.html"
            },
            {
              "name": "openSUSE-SU-2013:0297",
              "tags": [
                "vendor-advisory",
                "x_refsource_SUSE"
              ],
              "url": "http://lists.opensuse.org/opensuse-updates/2013-02/msg00043.html"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=654341"
            }
          ]
        }
      },
      "cveMetadata": {
        "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "assignerShortName": "redhat",
        "cveId": "CVE-2012-6076",
        "datePublished": "2013-03-12T21:00:00.000Z",
        "dateReserved": "2012-12-06T00:00:00.000Z",
        "dateUpdated": "2024-08-06T21:21:28.354Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2012-5656 (GCVE-0-2012-5656)

    Vulnerability from cvelistv5 – Published: 2013-01-18 11:00 – Updated: 2024-08-06 21:14
    VLAI
    Summary
    The rasterization process in Inkscape before 0.48.4 allows local users to read arbitrary files via an external entity in a SVG file, aka an XML external entity (XXE) injection attack.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    References
    Date Public
    2012-12-17 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-06T21:14:16.440Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "[oss-security] 20121219 Re: CVE request: Inkscape fixes a XXE vulnerability during rasterization of SVG images",
                "tags": [
                  "mailing-list",
                  "x_refsource_MLIST",
                  "x_transferred"
                ],
                "url": "http://www.openwall.com/lists/oss-security/2012/12/20/3"
              },
              {
                "name": "FEDORA-2012-20620",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_FEDORA",
                  "x_transferred"
                ],
                "url": "http://lists.fedoraproject.org/pipermail/package-announce/2013-January/095380.html"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://bazaar.launchpad.net/~inkscape.dev/inkscape/trunk/revision/11931"
              },
              {
                "name": "USN-1712-1",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_UBUNTU",
                  "x_transferred"
                ],
                "url": "http://www.ubuntu.com/usn/USN-1712-1"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://launchpad.net/inkscape/+milestone/0.48.4"
              },
              {
                "name": "56965",
                "tags": [
                  "vdb-entry",
                  "x_refsource_BID",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/56965"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://bugs.launchpad.net/inkscape/+bug/1025185"
              },
              {
                "name": "FEDORA-2012-20621",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_FEDORA",
                  "x_transferred"
                ],
                "url": "http://lists.fedoraproject.org/pipermail/package-announce/2013-January/095398.html"
              },
              {
                "name": "openSUSE-SU-2013:0294",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_SUSE",
                  "x_transferred"
                ],
                "url": "http://lists.opensuse.org/opensuse-updates/2013-02/msg00041.html"
              },
              {
                "name": "openSUSE-SU-2013:0297",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_SUSE",
                  "x_transferred"
                ],
                "url": "http://lists.opensuse.org/opensuse-updates/2013-02/msg00043.html"
              },
              {
                "name": "FEDORA-2012-20643",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_FEDORA",
                  "x_transferred"
                ],
                "url": "http://lists.fedoraproject.org/pipermail/package-announce/2012-December/095024.html"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2012-12-17T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "The rasterization process in Inkscape before 0.48.4 allows local users to read arbitrary files via an external entity in a SVG file, aka an XML external entity (XXE) injection attack."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2013-03-23T09:00:00.000Z",
            "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
            "shortName": "redhat"
          },
          "references": [
            {
              "name": "[oss-security] 20121219 Re: CVE request: Inkscape fixes a XXE vulnerability during rasterization of SVG images",
              "tags": [
                "mailing-list",
                "x_refsource_MLIST"
              ],
              "url": "http://www.openwall.com/lists/oss-security/2012/12/20/3"
            },
            {
              "name": "FEDORA-2012-20620",
              "tags": [
                "vendor-advisory",
                "x_refsource_FEDORA"
              ],
              "url": "http://lists.fedoraproject.org/pipermail/package-announce/2013-January/095380.html"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://bazaar.launchpad.net/~inkscape.dev/inkscape/trunk/revision/11931"
            },
            {
              "name": "USN-1712-1",
              "tags": [
                "vendor-advisory",
                "x_refsource_UBUNTU"
              ],
              "url": "http://www.ubuntu.com/usn/USN-1712-1"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://launchpad.net/inkscape/+milestone/0.48.4"
            },
            {
              "name": "56965",
              "tags": [
                "vdb-entry",
                "x_refsource_BID"
              ],
              "url": "http://www.securityfocus.com/bid/56965"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://bugs.launchpad.net/inkscape/+bug/1025185"
            },
            {
              "name": "FEDORA-2012-20621",
              "tags": [
                "vendor-advisory",
                "x_refsource_FEDORA"
              ],
              "url": "http://lists.fedoraproject.org/pipermail/package-announce/2013-January/095398.html"
            },
            {
              "name": "openSUSE-SU-2013:0294",
              "tags": [
                "vendor-advisory",
                "x_refsource_SUSE"
              ],
              "url": "http://lists.opensuse.org/opensuse-updates/2013-02/msg00041.html"
            },
            {
              "name": "openSUSE-SU-2013:0297",
              "tags": [
                "vendor-advisory",
                "x_refsource_SUSE"
              ],
              "url": "http://lists.opensuse.org/opensuse-updates/2013-02/msg00043.html"
            },
            {
              "name": "FEDORA-2012-20643",
              "tags": [
                "vendor-advisory",
                "x_refsource_FEDORA"
              ],
              "url": "http://lists.fedoraproject.org/pipermail/package-announce/2012-December/095024.html"
            }
          ]
        }
      },
      "cveMetadata": {
        "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "assignerShortName": "redhat",
        "cveId": "CVE-2012-5656",
        "datePublished": "2013-01-18T11:00:00.000Z",
        "dateReserved": "2012-10-24T00:00:00.000Z",
        "dateUpdated": "2024-08-06T21:14:16.440Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2007-1463 (GCVE-0-2007-1463)

    Vulnerability from cvelistv5 – Published: 2007-03-21 19:00 – Updated: 2024-08-07 12:59
    VLAI
    Summary
    Format string vulnerability in Inkscape before 0.45.1 allows user-assisted remote attackers to execute arbitrary code via format string specifiers in a URI, which is not properly handled by certain dialogs.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    References
    URL Tags
    https://exchange.xforce.ibmcloud.com/vulnerabilit… vdb-entryx_refsource_XF
    http://secunia.com/advisories/24859 third-party-advisoryx_refsource_SECUNIA
    http://secunia.com/advisories/24615 third-party-advisoryx_refsource_SECUNIA
    http://secunia.com/advisories/24597 third-party-advisoryx_refsource_SECUNIA
    http://secunia.com/advisories/24584 third-party-advisoryx_refsource_SECUNIA
    http://www.securityfocus.com/bid/23138 vdb-entryx_refsource_BID
    http://www.gentoo.org/security/en/glsa/glsa-20070… vendor-advisoryx_refsource_GENTOO
    http://secunia.com/advisories/24661 third-party-advisoryx_refsource_SECUNIA
    https://issues.rpath.com/browse/RPL-1170 x_refsource_CONFIRM
    http://www.vupen.com/english/advisories/2007/1059 vdb-entryx_refsource_VUPEN
    http://www.novell.com/linux/security/advisories/2… vendor-advisoryx_refsource_SUSE
    http://www.ubuntu.com/usn/usn-438-1 vendor-advisoryx_refsource_UBUNTU
    http://www.mandriva.com/security/advisories?name=… vendor-advisoryx_refsource_MANDRIVA
    http://www.securityfocus.com/archive/1/463710/100… mailing-listx_refsource_BUGTRAQ
    http://secunia.com/advisories/25072 third-party-advisoryx_refsource_SECUNIA
    http://sourceforge.net/project/shownotes.php?grou… x_refsource_CONFIRM
    http://www.securityfocus.com/bid/23070 vdb-entryx_refsource_BID
    Date Public
    2007-03-20 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-07T12:59:08.098Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "inkscape-dialogs-format-string(33163)",
                "tags": [
                  "vdb-entry",
                  "x_refsource_XF",
                  "x_transferred"
                ],
                "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/33163"
              },
              {
                "name": "24859",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
                  "x_transferred"
                ],
                "url": "http://secunia.com/advisories/24859"
              },
              {
                "name": "24615",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
                  "x_transferred"
                ],
                "url": "http://secunia.com/advisories/24615"
              },
              {
                "name": "24597",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
                  "x_transferred"
                ],
                "url": "http://secunia.com/advisories/24597"
              },
              {
                "name": "24584",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
                  "x_transferred"
                ],
                "url": "http://secunia.com/advisories/24584"
              },
              {
                "name": "23138",
                "tags": [
                  "vdb-entry",
                  "x_refsource_BID",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/23138"
              },
              {
                "name": "GLSA-200704-10",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_GENTOO",
                  "x_transferred"
                ],
                "url": "http://www.gentoo.org/security/en/glsa/glsa-200704-10.xml"
              },
              {
                "name": "24661",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
                  "x_transferred"
                ],
                "url": "http://secunia.com/advisories/24661"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://issues.rpath.com/browse/RPL-1170"
              },
              {
                "name": "ADV-2007-1059",
                "tags": [
                  "vdb-entry",
                  "x_refsource_VUPEN",
                  "x_transferred"
                ],
                "url": "http://www.vupen.com/english/advisories/2007/1059"
              },
              {
                "name": "SUSE-SR:2007:008",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_SUSE",
                  "x_transferred"
                ],
                "url": "http://www.novell.com/linux/security/advisories/2007_8_sr.html"
              },
              {
                "name": "USN-438-1",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_UBUNTU",
                  "x_transferred"
                ],
                "url": "http://www.ubuntu.com/usn/usn-438-1"
              },
              {
                "name": "MDKSA-2007:069",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_MANDRIVA",
                  "x_transferred"
                ],
                "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2007:069"
              },
              {
                "name": "20070324 FLEA-2007-0002-1: inkscape",
                "tags": [
                  "mailing-list",
                  "x_refsource_BUGTRAQ",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/archive/1/463710/100/0/threaded"
              },
              {
                "name": "25072",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
                  "x_transferred"
                ],
                "url": "http://secunia.com/advisories/25072"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://sourceforge.net/project/shownotes.php?group_id=93438\u0026release_id=495106"
              },
              {
                "name": "23070",
                "tags": [
                  "vdb-entry",
                  "x_refsource_BID",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/23070"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2007-03-20T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "Format string vulnerability in Inkscape before 0.45.1 allows user-assisted remote attackers to execute arbitrary code via format string specifiers in a URI, which is not properly handled by certain dialogs."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2018-10-16T14:57:01.000Z",
            "orgId": "cc1ad9ee-3454-478d-9317-d3e869d708bc",
            "shortName": "canonical"
          },
          "references": [
            {
              "name": "inkscape-dialogs-format-string(33163)",
              "tags": [
                "vdb-entry",
                "x_refsource_XF"
              ],
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/33163"
            },
            {
              "name": "24859",
              "tags": [
                "third-party-advisory",
                "x_refsource_SECUNIA"
              ],
              "url": "http://secunia.com/advisories/24859"
            },
            {
              "name": "24615",
              "tags": [
                "third-party-advisory",
                "x_refsource_SECUNIA"
              ],
              "url": "http://secunia.com/advisories/24615"
            },
            {
              "name": "24597",
              "tags": [
                "third-party-advisory",
                "x_refsource_SECUNIA"
              ],
              "url": "http://secunia.com/advisories/24597"
            },
            {
              "name": "24584",
              "tags": [
                "third-party-advisory",
                "x_refsource_SECUNIA"
              ],
              "url": "http://secunia.com/advisories/24584"
            },
            {
              "name": "23138",
              "tags": [
                "vdb-entry",
                "x_refsource_BID"
              ],
              "url": "http://www.securityfocus.com/bid/23138"
            },
            {
              "name": "GLSA-200704-10",
              "tags": [
                "vendor-advisory",
                "x_refsource_GENTOO"
              ],
              "url": "http://www.gentoo.org/security/en/glsa/glsa-200704-10.xml"
            },
            {
              "name": "24661",
              "tags": [
                "third-party-advisory",
                "x_refsource_SECUNIA"
              ],
              "url": "http://secunia.com/advisories/24661"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://issues.rpath.com/browse/RPL-1170"
            },
            {
              "name": "ADV-2007-1059",
              "tags": [
                "vdb-entry",
                "x_refsource_VUPEN"
              ],
              "url": "http://www.vupen.com/english/advisories/2007/1059"
            },
            {
              "name": "SUSE-SR:2007:008",
              "tags": [
                "vendor-advisory",
                "x_refsource_SUSE"
              ],
              "url": "http://www.novell.com/linux/security/advisories/2007_8_sr.html"
            },
            {
              "name": "USN-438-1",
              "tags": [
                "vendor-advisory",
                "x_refsource_UBUNTU"
              ],
              "url": "http://www.ubuntu.com/usn/usn-438-1"
            },
            {
              "name": "MDKSA-2007:069",
              "tags": [
                "vendor-advisory",
                "x_refsource_MANDRIVA"
              ],
              "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2007:069"
            },
            {
              "name": "20070324 FLEA-2007-0002-1: inkscape",
              "tags": [
                "mailing-list",
                "x_refsource_BUGTRAQ"
              ],
              "url": "http://www.securityfocus.com/archive/1/463710/100/0/threaded"
            },
            {
              "name": "25072",
              "tags": [
                "third-party-advisory",
                "x_refsource_SECUNIA"
              ],
              "url": "http://secunia.com/advisories/25072"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://sourceforge.net/project/shownotes.php?group_id=93438\u0026release_id=495106"
            },
            {
              "name": "23070",
              "tags": [
                "vdb-entry",
                "x_refsource_BID"
              ],
              "url": "http://www.securityfocus.com/bid/23070"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "security@ubuntu.com",
              "ID": "CVE-2007-1463",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Format string vulnerability in Inkscape before 0.45.1 allows user-assisted remote attackers to execute arbitrary code via format string specifiers in a URI, which is not properly handled by certain dialogs."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "inkscape-dialogs-format-string(33163)",
                  "refsource": "XF",
                  "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/33163"
                },
                {
                  "name": "24859",
                  "refsource": "SECUNIA",
                  "url": "http://secunia.com/advisories/24859"
                },
                {
                  "name": "24615",
                  "refsource": "SECUNIA",
                  "url": "http://secunia.com/advisories/24615"
                },
                {
                  "name": "24597",
                  "refsource": "SECUNIA",
                  "url": "http://secunia.com/advisories/24597"
                },
                {
                  "name": "24584",
                  "refsource": "SECUNIA",
                  "url": "http://secunia.com/advisories/24584"
                },
                {
                  "name": "23138",
                  "refsource": "BID",
                  "url": "http://www.securityfocus.com/bid/23138"
                },
                {
                  "name": "GLSA-200704-10",
                  "refsource": "GENTOO",
                  "url": "http://www.gentoo.org/security/en/glsa/glsa-200704-10.xml"
                },
                {
                  "name": "24661",
                  "refsource": "SECUNIA",
                  "url": "http://secunia.com/advisories/24661"
                },
                {
                  "name": "https://issues.rpath.com/browse/RPL-1170",
                  "refsource": "CONFIRM",
                  "url": "https://issues.rpath.com/browse/RPL-1170"
                },
                {
                  "name": "ADV-2007-1059",
                  "refsource": "VUPEN",
                  "url": "http://www.vupen.com/english/advisories/2007/1059"
                },
                {
                  "name": "SUSE-SR:2007:008",
                  "refsource": "SUSE",
                  "url": "http://www.novell.com/linux/security/advisories/2007_8_sr.html"
                },
                {
                  "name": "USN-438-1",
                  "refsource": "UBUNTU",
                  "url": "http://www.ubuntu.com/usn/usn-438-1"
                },
                {
                  "name": "MDKSA-2007:069",
                  "refsource": "MANDRIVA",
                  "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2007:069"
                },
                {
                  "name": "20070324 FLEA-2007-0002-1: inkscape",
                  "refsource": "BUGTRAQ",
                  "url": "http://www.securityfocus.com/archive/1/463710/100/0/threaded"
                },
                {
                  "name": "25072",
                  "refsource": "SECUNIA",
                  "url": "http://secunia.com/advisories/25072"
                },
                {
                  "name": "http://sourceforge.net/project/shownotes.php?group_id=93438\u0026release_id=495106",
                  "refsource": "CONFIRM",
                  "url": "http://sourceforge.net/project/shownotes.php?group_id=93438\u0026release_id=495106"
                },
                {
                  "name": "23070",
                  "refsource": "BID",
                  "url": "http://www.securityfocus.com/bid/23070"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "cc1ad9ee-3454-478d-9317-d3e869d708bc",
        "assignerShortName": "canonical",
        "cveId": "CVE-2007-1463",
        "datePublished": "2007-03-21T19:00:00.000Z",
        "dateReserved": "2007-03-15T00:00:00.000Z",
        "dateUpdated": "2024-08-07T12:59:08.098Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2007-1464 (GCVE-0-2007-1464)

    Vulnerability from cvelistv5 – Published: 2007-03-21 19:00 – Updated: 2024-08-07 12:59
    VLAI
    Summary
    Format string vulnerability in the whiteboard Jabber protocol in Inkscape before 0.45.1 allows user-assisted remote attackers to execute arbitrary code via unspecified vectors.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    References
    URL Tags
    https://exchange.xforce.ibmcloud.com/vulnerabilit… vdb-entryx_refsource_XF
    http://secunia.com/advisories/24859 third-party-advisoryx_refsource_SECUNIA
    http://secunia.com/advisories/24615 third-party-advisoryx_refsource_SECUNIA
    http://www.securityfocus.com/bid/23138 vdb-entryx_refsource_BID
    http://www.gentoo.org/security/en/glsa/glsa-20070… vendor-advisoryx_refsource_GENTOO
    http://secunia.com/advisories/24661 third-party-advisoryx_refsource_SECUNIA
    https://issues.rpath.com/browse/RPL-1170 x_refsource_CONFIRM
    http://www.vupen.com/english/advisories/2007/1059 vdb-entryx_refsource_VUPEN
    http://www.novell.com/linux/security/advisories/2… vendor-advisoryx_refsource_SUSE
    http://www.securityfocus.com/archive/1/463710/100… mailing-listx_refsource_BUGTRAQ
    http://secunia.com/advisories/25072 third-party-advisoryx_refsource_SECUNIA
    http://sourceforge.net/project/shownotes.php?grou… x_refsource_CONFIRM
    Date Public
    2007-03-20 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-07T12:59:08.354Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "inkscape-jabber-format-string(33164)",
                "tags": [
                  "vdb-entry",
                  "x_refsource_XF",
                  "x_transferred"
                ],
                "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/33164"
              },
              {
                "name": "24859",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
                  "x_transferred"
                ],
                "url": "http://secunia.com/advisories/24859"
              },
              {
                "name": "24615",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
                  "x_transferred"
                ],
                "url": "http://secunia.com/advisories/24615"
              },
              {
                "name": "23138",
                "tags": [
                  "vdb-entry",
                  "x_refsource_BID",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/23138"
              },
              {
                "name": "GLSA-200704-10",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_GENTOO",
                  "x_transferred"
                ],
                "url": "http://www.gentoo.org/security/en/glsa/glsa-200704-10.xml"
              },
              {
                "name": "24661",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
                  "x_transferred"
                ],
                "url": "http://secunia.com/advisories/24661"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://issues.rpath.com/browse/RPL-1170"
              },
              {
                "name": "ADV-2007-1059",
                "tags": [
                  "vdb-entry",
                  "x_refsource_VUPEN",
                  "x_transferred"
                ],
                "url": "http://www.vupen.com/english/advisories/2007/1059"
              },
              {
                "name": "SUSE-SR:2007:008",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_SUSE",
                  "x_transferred"
                ],
                "url": "http://www.novell.com/linux/security/advisories/2007_8_sr.html"
              },
              {
                "name": "20070324 FLEA-2007-0002-1: inkscape",
                "tags": [
                  "mailing-list",
                  "x_refsource_BUGTRAQ",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/archive/1/463710/100/0/threaded"
              },
              {
                "name": "25072",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
                  "x_transferred"
                ],
                "url": "http://secunia.com/advisories/25072"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://sourceforge.net/project/shownotes.php?group_id=93438\u0026release_id=495106"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2007-03-20T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "Format string vulnerability in the whiteboard Jabber protocol in Inkscape before 0.45.1 allows user-assisted remote attackers to execute arbitrary code via unspecified vectors."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2018-10-16T14:57:01.000Z",
            "orgId": "cc1ad9ee-3454-478d-9317-d3e869d708bc",
            "shortName": "canonical"
          },
          "references": [
            {
              "name": "inkscape-jabber-format-string(33164)",
              "tags": [
                "vdb-entry",
                "x_refsource_XF"
              ],
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/33164"
            },
            {
              "name": "24859",
              "tags": [
                "third-party-advisory",
                "x_refsource_SECUNIA"
              ],
              "url": "http://secunia.com/advisories/24859"
            },
            {
              "name": "24615",
              "tags": [
                "third-party-advisory",
                "x_refsource_SECUNIA"
              ],
              "url": "http://secunia.com/advisories/24615"
            },
            {
              "name": "23138",
              "tags": [
                "vdb-entry",
                "x_refsource_BID"
              ],
              "url": "http://www.securityfocus.com/bid/23138"
            },
            {
              "name": "GLSA-200704-10",
              "tags": [
                "vendor-advisory",
                "x_refsource_GENTOO"
              ],
              "url": "http://www.gentoo.org/security/en/glsa/glsa-200704-10.xml"
            },
            {
              "name": "24661",
              "tags": [
                "third-party-advisory",
                "x_refsource_SECUNIA"
              ],
              "url": "http://secunia.com/advisories/24661"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://issues.rpath.com/browse/RPL-1170"
            },
            {
              "name": "ADV-2007-1059",
              "tags": [
                "vdb-entry",
                "x_refsource_VUPEN"
              ],
              "url": "http://www.vupen.com/english/advisories/2007/1059"
            },
            {
              "name": "SUSE-SR:2007:008",
              "tags": [
                "vendor-advisory",
                "x_refsource_SUSE"
              ],
              "url": "http://www.novell.com/linux/security/advisories/2007_8_sr.html"
            },
            {
              "name": "20070324 FLEA-2007-0002-1: inkscape",
              "tags": [
                "mailing-list",
                "x_refsource_BUGTRAQ"
              ],
              "url": "http://www.securityfocus.com/archive/1/463710/100/0/threaded"
            },
            {
              "name": "25072",
              "tags": [
                "third-party-advisory",
                "x_refsource_SECUNIA"
              ],
              "url": "http://secunia.com/advisories/25072"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://sourceforge.net/project/shownotes.php?group_id=93438\u0026release_id=495106"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "security@ubuntu.com",
              "ID": "CVE-2007-1464",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Format string vulnerability in the whiteboard Jabber protocol in Inkscape before 0.45.1 allows user-assisted remote attackers to execute arbitrary code via unspecified vectors."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "inkscape-jabber-format-string(33164)",
                  "refsource": "XF",
                  "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/33164"
                },
                {
                  "name": "24859",
                  "refsource": "SECUNIA",
                  "url": "http://secunia.com/advisories/24859"
                },
                {
                  "name": "24615",
                  "refsource": "SECUNIA",
                  "url": "http://secunia.com/advisories/24615"
                },
                {
                  "name": "23138",
                  "refsource": "BID",
                  "url": "http://www.securityfocus.com/bid/23138"
                },
                {
                  "name": "GLSA-200704-10",
                  "refsource": "GENTOO",
                  "url": "http://www.gentoo.org/security/en/glsa/glsa-200704-10.xml"
                },
                {
                  "name": "24661",
                  "refsource": "SECUNIA",
                  "url": "http://secunia.com/advisories/24661"
                },
                {
                  "name": "https://issues.rpath.com/browse/RPL-1170",
                  "refsource": "CONFIRM",
                  "url": "https://issues.rpath.com/browse/RPL-1170"
                },
                {
                  "name": "ADV-2007-1059",
                  "refsource": "VUPEN",
                  "url": "http://www.vupen.com/english/advisories/2007/1059"
                },
                {
                  "name": "SUSE-SR:2007:008",
                  "refsource": "SUSE",
                  "url": "http://www.novell.com/linux/security/advisories/2007_8_sr.html"
                },
                {
                  "name": "20070324 FLEA-2007-0002-1: inkscape",
                  "refsource": "BUGTRAQ",
                  "url": "http://www.securityfocus.com/archive/1/463710/100/0/threaded"
                },
                {
                  "name": "25072",
                  "refsource": "SECUNIA",
                  "url": "http://secunia.com/advisories/25072"
                },
                {
                  "name": "http://sourceforge.net/project/shownotes.php?group_id=93438\u0026release_id=495106",
                  "refsource": "CONFIRM",
                  "url": "http://sourceforge.net/project/shownotes.php?group_id=93438\u0026release_id=495106"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "cc1ad9ee-3454-478d-9317-d3e869d708bc",
        "assignerShortName": "canonical",
        "cveId": "CVE-2007-1464",
        "datePublished": "2007-03-21T19:00:00.000Z",
        "dateReserved": "2007-03-15T00:00:00.000Z",
        "dateUpdated": "2024-08-07T12:59:08.354Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2005-3885 (GCVE-0-2005-3885)

    Vulnerability from cvelistv5 – Published: 2005-11-29 19:00 – Updated: 2024-08-07 23:24
    VLAI
    Summary
    The ps2epsi extension shell script (ps2epsi.sh) in Inkscape before 0.41 allows local users to overwrite arbitrary files via a symlink attack on the tmpepsifile.epsi temporary file.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    References
    URL Tags
    http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=321501 x_refsource_CONFIRM
    http://secunia.com/advisories/17882 third-party-advisoryx_refsource_SECUNIA
    http://secunia.com/advisories/16343 third-party-advisoryx_refsource_SECUNIA
    https://usn.ubuntu.com/223-1/ vendor-advisoryx_refsource_UBUNTU
    http://secunia.com/advisories/17886 third-party-advisoryx_refsource_SECUNIA
    http://www.debian.org/security/2005/dsa-916 vendor-advisoryx_refsource_DEBIAN
    http://www.securityfocus.com/bid/14522 vdb-entryx_refsource_BID
    Date Public
    2005-08-09 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-07T23:24:36.519Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=321501"
              },
              {
                "name": "17882",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
                  "x_transferred"
                ],
                "url": "http://secunia.com/advisories/17882"
              },
              {
                "name": "16343",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
                  "x_transferred"
                ],
                "url": "http://secunia.com/advisories/16343"
              },
              {
                "name": "USN-223-1",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_UBUNTU",
                  "x_transferred"
                ],
                "url": "https://usn.ubuntu.com/223-1/"
              },
              {
                "name": "17886",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
                  "x_transferred"
                ],
                "url": "http://secunia.com/advisories/17886"
              },
              {
                "name": "DSA-916",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_DEBIAN",
                  "x_transferred"
                ],
                "url": "http://www.debian.org/security/2005/dsa-916"
              },
              {
                "name": "14522",
                "tags": [
                  "vdb-entry",
                  "x_refsource_BID",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/14522"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2005-08-09T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "The ps2epsi extension shell script (ps2epsi.sh) in Inkscape before 0.41 allows local users to overwrite arbitrary files via a symlink attack on the tmpepsifile.epsi temporary file."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2018-10-03T20:57:01.000Z",
            "orgId": "79363d38-fa19-49d1-9214-5f28da3f3ac5",
            "shortName": "debian"
          },
          "references": [
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=321501"
            },
            {
              "name": "17882",
              "tags": [
                "third-party-advisory",
                "x_refsource_SECUNIA"
              ],
              "url": "http://secunia.com/advisories/17882"
            },
            {
              "name": "16343",
              "tags": [
                "third-party-advisory",
                "x_refsource_SECUNIA"
              ],
              "url": "http://secunia.com/advisories/16343"
            },
            {
              "name": "USN-223-1",
              "tags": [
                "vendor-advisory",
                "x_refsource_UBUNTU"
              ],
              "url": "https://usn.ubuntu.com/223-1/"
            },
            {
              "name": "17886",
              "tags": [
                "third-party-advisory",
                "x_refsource_SECUNIA"
              ],
              "url": "http://secunia.com/advisories/17886"
            },
            {
              "name": "DSA-916",
              "tags": [
                "vendor-advisory",
                "x_refsource_DEBIAN"
              ],
              "url": "http://www.debian.org/security/2005/dsa-916"
            },
            {
              "name": "14522",
              "tags": [
                "vdb-entry",
                "x_refsource_BID"
              ],
              "url": "http://www.securityfocus.com/bid/14522"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "security@debian.org",
              "ID": "CVE-2005-3885",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "The ps2epsi extension shell script (ps2epsi.sh) in Inkscape before 0.41 allows local users to overwrite arbitrary files via a symlink attack on the tmpepsifile.epsi temporary file."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=321501",
                  "refsource": "CONFIRM",
                  "url": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=321501"
                },
                {
                  "name": "17882",
                  "refsource": "SECUNIA",
                  "url": "http://secunia.com/advisories/17882"
                },
                {
                  "name": "16343",
                  "refsource": "SECUNIA",
                  "url": "http://secunia.com/advisories/16343"
                },
                {
                  "name": "USN-223-1",
                  "refsource": "UBUNTU",
                  "url": "https://usn.ubuntu.com/223-1/"
                },
                {
                  "name": "17886",
                  "refsource": "SECUNIA",
                  "url": "http://secunia.com/advisories/17886"
                },
                {
                  "name": "DSA-916",
                  "refsource": "DEBIAN",
                  "url": "http://www.debian.org/security/2005/dsa-916"
                },
                {
                  "name": "14522",
                  "refsource": "BID",
                  "url": "http://www.securityfocus.com/bid/14522"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "79363d38-fa19-49d1-9214-5f28da3f3ac5",
        "assignerShortName": "debian",
        "cveId": "CVE-2005-3885",
        "datePublished": "2005-11-29T19:00:00.000Z",
        "dateReserved": "2005-11-29T00:00:00.000Z",
        "dateUpdated": "2024-08-07T23:24:36.519Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2005-3737 (GCVE-0-2005-3737)

    Vulnerability from cvelistv5 – Published: 2005-11-22 00:00 – Updated: 2024-08-07 23:24
    VLAI
    Summary
    Buffer overflow in the SVG importer (style.cpp) of inkscape 0.41 through 0.42.2 might allow remote attackers to execute arbitrary code via a SVG file with long CSS style property values.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    References
    URL Tags
    http://www.gentoo.org/security/en/glsa/glsa-20051… vendor-advisoryx_refsource_GENTOO
    http://www.novell.com/linux/security/advisories/2… vendor-advisoryx_refsource_SUSE
    http://secunia.com/advisories/17778 third-party-advisoryx_refsource_SECUNIA
    http://secunia.com/advisories/17651 third-party-advisoryx_refsource_SECUNIA
    http://www.ubuntulinux.org/usn/usn-217-1 vendor-advisoryx_refsource_UBUNTU
    http://www.securityfocus.com/bid/15507 vdb-entryx_refsource_BID
    http://secunia.com/advisories/17882 third-party-advisoryx_refsource_SECUNIA
    http://cvs.sourceforge.net/viewcvs.py/inkscape/in… x_refsource_CONFIRM
    http://www.vupen.com/english/advisories/2005/2511 vdb-entryx_refsource_VUPEN
    http://www.debian.org/security/2005/dsa-916 vendor-advisoryx_refsource_DEBIAN
    http://securityreason.com/securityalert/58 third-party-advisoryx_refsource_SREASON
    http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=330894 x_refsource_MISC
    http://secunia.com/advisories/17662 third-party-advisoryx_refsource_SECUNIA
    Date Public
    2005-11-19 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-07T23:24:36.448Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "GLSA-200511-22",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_GENTOO",
                  "x_transferred"
                ],
                "url": "http://www.gentoo.org/security/en/glsa/glsa-200511-22.xml"
              },
              {
                "name": "SUSE-SR:2005:028",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_SUSE",
                  "x_transferred"
                ],
                "url": "http://www.novell.com/linux/security/advisories/2005_28_sr.html"
              },
              {
                "name": "17778",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
                  "x_transferred"
                ],
                "url": "http://secunia.com/advisories/17778"
              },
              {
                "name": "17651",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
                  "x_transferred"
                ],
                "url": "http://secunia.com/advisories/17651"
              },
              {
                "name": "USN-217-1",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_UBUNTU",
                  "x_transferred"
                ],
                "url": "http://www.ubuntulinux.org/usn/usn-217-1"
              },
              {
                "name": "15507",
                "tags": [
                  "vdb-entry",
                  "x_refsource_BID",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/15507"
              },
              {
                "name": "17882",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
                  "x_transferred"
                ],
                "url": "http://secunia.com/advisories/17882"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://cvs.sourceforge.net/viewcvs.py/inkscape/inkscape/src/style.cpp?r1=1.110\u0026r2=1.110.2.1"
              },
              {
                "name": "ADV-2005-2511",
                "tags": [
                  "vdb-entry",
                  "x_refsource_VUPEN",
                  "x_transferred"
                ],
                "url": "http://www.vupen.com/english/advisories/2005/2511"
              },
              {
                "name": "DSA-916",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_DEBIAN",
                  "x_transferred"
                ],
                "url": "http://www.debian.org/security/2005/dsa-916"
              },
              {
                "name": "58",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SREASON",
                  "x_transferred"
                ],
                "url": "http://securityreason.com/securityalert/58"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=330894"
              },
              {
                "name": "17662",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
                  "x_transferred"
                ],
                "url": "http://secunia.com/advisories/17662"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2005-11-19T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "Buffer overflow in the SVG importer (style.cpp) of inkscape 0.41 through 0.42.2 might allow remote attackers to execute arbitrary code via a SVG file with long CSS style property values."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2005-11-30T10:00:00.000Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "name": "GLSA-200511-22",
              "tags": [
                "vendor-advisory",
                "x_refsource_GENTOO"
              ],
              "url": "http://www.gentoo.org/security/en/glsa/glsa-200511-22.xml"
            },
            {
              "name": "SUSE-SR:2005:028",
              "tags": [
                "vendor-advisory",
                "x_refsource_SUSE"
              ],
              "url": "http://www.novell.com/linux/security/advisories/2005_28_sr.html"
            },
            {
              "name": "17778",
              "tags": [
                "third-party-advisory",
                "x_refsource_SECUNIA"
              ],
              "url": "http://secunia.com/advisories/17778"
            },
            {
              "name": "17651",
              "tags": [
                "third-party-advisory",
                "x_refsource_SECUNIA"
              ],
              "url": "http://secunia.com/advisories/17651"
            },
            {
              "name": "USN-217-1",
              "tags": [
                "vendor-advisory",
                "x_refsource_UBUNTU"
              ],
              "url": "http://www.ubuntulinux.org/usn/usn-217-1"
            },
            {
              "name": "15507",
              "tags": [
                "vdb-entry",
                "x_refsource_BID"
              ],
              "url": "http://www.securityfocus.com/bid/15507"
            },
            {
              "name": "17882",
              "tags": [
                "third-party-advisory",
                "x_refsource_SECUNIA"
              ],
              "url": "http://secunia.com/advisories/17882"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://cvs.sourceforge.net/viewcvs.py/inkscape/inkscape/src/style.cpp?r1=1.110\u0026r2=1.110.2.1"
            },
            {
              "name": "ADV-2005-2511",
              "tags": [
                "vdb-entry",
                "x_refsource_VUPEN"
              ],
              "url": "http://www.vupen.com/english/advisories/2005/2511"
            },
            {
              "name": "DSA-916",
              "tags": [
                "vendor-advisory",
                "x_refsource_DEBIAN"
              ],
              "url": "http://www.debian.org/security/2005/dsa-916"
            },
            {
              "name": "58",
              "tags": [
                "third-party-advisory",
                "x_refsource_SREASON"
              ],
              "url": "http://securityreason.com/securityalert/58"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=330894"
            },
            {
              "name": "17662",
              "tags": [
                "third-party-advisory",
                "x_refsource_SECUNIA"
              ],
              "url": "http://secunia.com/advisories/17662"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cve@mitre.org",
              "ID": "CVE-2005-3737",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Buffer overflow in the SVG importer (style.cpp) of inkscape 0.41 through 0.42.2 might allow remote attackers to execute arbitrary code via a SVG file with long CSS style property values."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "GLSA-200511-22",
                  "refsource": "GENTOO",
                  "url": "http://www.gentoo.org/security/en/glsa/glsa-200511-22.xml"
                },
                {
                  "name": "SUSE-SR:2005:028",
                  "refsource": "SUSE",
                  "url": "http://www.novell.com/linux/security/advisories/2005_28_sr.html"
                },
                {
                  "name": "17778",
                  "refsource": "SECUNIA",
                  "url": "http://secunia.com/advisories/17778"
                },
                {
                  "name": "17651",
                  "refsource": "SECUNIA",
                  "url": "http://secunia.com/advisories/17651"
                },
                {
                  "name": "USN-217-1",
                  "refsource": "UBUNTU",
                  "url": "http://www.ubuntulinux.org/usn/usn-217-1"
                },
                {
                  "name": "15507",
                  "refsource": "BID",
                  "url": "http://www.securityfocus.com/bid/15507"
                },
                {
                  "name": "17882",
                  "refsource": "SECUNIA",
                  "url": "http://secunia.com/advisories/17882"
                },
                {
                  "name": "http://cvs.sourceforge.net/viewcvs.py/inkscape/inkscape/src/style.cpp?r1=1.110\u0026r2=1.110.2.1",
                  "refsource": "CONFIRM",
                  "url": "http://cvs.sourceforge.net/viewcvs.py/inkscape/inkscape/src/style.cpp?r1=1.110\u0026r2=1.110.2.1"
                },
                {
                  "name": "ADV-2005-2511",
                  "refsource": "VUPEN",
                  "url": "http://www.vupen.com/english/advisories/2005/2511"
                },
                {
                  "name": "DSA-916",
                  "refsource": "DEBIAN",
                  "url": "http://www.debian.org/security/2005/dsa-916"
                },
                {
                  "name": "58",
                  "refsource": "SREASON",
                  "url": "http://securityreason.com/securityalert/58"
                },
                {
                  "name": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=330894",
                  "refsource": "MISC",
                  "url": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=330894"
                },
                {
                  "name": "17662",
                  "refsource": "SECUNIA",
                  "url": "http://secunia.com/advisories/17662"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2005-3737",
        "datePublished": "2005-11-22T00:00:00.000Z",
        "dateReserved": "2005-11-21T00:00:00.000Z",
        "dateUpdated": "2024-08-07T23:24:36.448Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }