Back to search
CVE-2012-5656
Published: Jan 18, 2013
Modified: Aug 6, 2024
PUBLISHED
Description
The rasterization process in Inkscape before 0.48.4 allows local users to read arbitrary files via an external entity in a SVG file, aka an XML external entity (XXE) injection attack.
| Vendor | Product | Versions |
|---|---|---|
n/a | n/a | affected n/a |
References
[oss-security] 20121219 Re: CVE request: Inkscape fixes a XXE vulnerability during rasterization of SVG images
mailing-list
x_refsource_MLIST
FEDORA-2012-20620
vendor-advisory
x_refsource_FEDORA
http://bazaar.launchpad.net/~inkscape.dev/inkscape/trunk/revision/11931
x_refsource_CONFIRM
USN-1712-1
vendor-advisory
x_refsource_UBUNTU
https://launchpad.net/inkscape/+milestone/0.48.4
x_refsource_CONFIRM
56965
vdb-entry
x_refsource_BID
https://bugs.launchpad.net/inkscape/+bug/1025185
x_refsource_CONFIRM
FEDORA-2012-20621
vendor-advisory
x_refsource_FEDORA
openSUSE-SU-2013:0294
vendor-advisory
x_refsource_SUSE
openSUSE-SU-2013:0297
vendor-advisory
x_refsource_SUSE
FEDORA-2012-20643
vendor-advisory
x_refsource_FEDORA
Security Training
Train your team to recognize and prevent security threats with our comprehensive security awareness program.
Start TrainingVulnerability Scanning
Discover vulnerabilities in your applications and infrastructure before attackers do.
Scan Now