RSS   Podatności dla 'Inkscape'   RSS

2022-05-18
 
CVE-2021-42700

CWE-125
 

 
Inkscape 0.19 is vulnerable to an out-of-bounds read, which may allow an attacker to have access to unauthorized information.

 
 
CVE-2021-42702

CWE-824
 

 
Inkscape version 0.19 can access an uninitialized pointer, which may allow an attacker to have access to unauthorized information.

 
 
CVE-2021-42704

CWE-787
 

 
Inkscape version 0.19 is vulnerable to an out-of-bounds write, which may allow an attacker to arbitrary execute code.

 
2013-03-12
 
CVE-2012-6076

CWE-264
 

 
Inkscape before 0.48.4 reads .eps files from /tmp instead of the current directory, which might cause Inkspace to process unintended files, allow local users to obtain sensitive information, and possibly have other unspecified impacts.

 
2013-01-18
 
CVE-2012-5656

CWE-264
 

 
The rasterization process in Inkscape before 0.48.4 allows local users to read arbitrary files via an external entity in a SVG file, aka an XML external entity (XXE) injection attack.

 
2007-03-21
 
CVE-2007-1464

CWE-Other
 

 
Format string vulnerability in the whiteboard Jabber protocol in Inkscape before 0.45.1 allows user-assisted remote attackers to execute arbitrary code via unspecified vectors.

 
 
CVE-2007-1463

CWE-Other
 

 
Format string vulnerability in Inkscape before 0.45.1 allows user-assisted remote attackers to execute arbitrary code via format string specifiers in a URI, which is not properly handled by certain dialogs.

 
2005-11-29
 
CVE-2005-3885

CWE-Other
 

 
The ps2epsi extension shell script (ps2epsi.sh) in Inkscape before 0.41 allows local users to overwrite arbitrary files via a symlink attack on the tmpepsifile.epsi temporary file.

 
2005-11-21
 
CVE-2005-3737

 

 
Buffer overflow in the SVG importer (style.cpp) of inkscape 0.41 through 0.42.2 might allow remote attackers to execute arbitrary code via a SVG file with long CSS style property values.

 


Copyright 2022, cxsecurity.com

 

Back to Top