) or https:// means you've safely connected to the .gov website. Share sensitive information only on official, secure websites.
Search Results (Refine Search)
- Results Type: Overview
- Keyword (text search): cpe:2.3:a:inkscape:inkscape:0.42:*:*:*:*:*:*:*
| Vuln ID | Summary | CVSS Severity |
|---|---|---|
| CVE-2012-6076 |
Inkscape before 0.48.4 reads .eps files from /tmp instead of the current directory, which might cause Inkspace to process unintended files, allow local users to obtain sensitive information, and possibly have other unspecified impacts. Published: March 12, 2013; 6:55:01 PM -0400 |
V3.x:(not available) V2.0: 4.4 MEDIUM |
| CVE-2012-5656 |
The rasterization process in Inkscape before 0.48.4 allows local users to read arbitrary files via an external entity in a SVG file, aka an XML external entity (XXE) injection attack. Published: January 18, 2013; 6:48:40 AM -0500 |
V3.1: 5.5 MEDIUM V2.0: 2.1 LOW |
| CVE-2007-1463 |
Format string vulnerability in Inkscape before 0.45.1 allows user-assisted remote attackers to execute arbitrary code via format string specifiers in a URI, which is not properly handled by certain dialogs. Published: March 21, 2007; 3:19:00 PM -0400 |
V3.x:(not available) V2.0: 6.8 MEDIUM |
| CVE-2007-1464 |
Format string vulnerability in the whiteboard Jabber protocol in Inkscape before 0.45.1 allows user-assisted remote attackers to execute arbitrary code via unspecified vectors. Published: March 21, 2007; 3:19:00 PM -0400 |
V3.x:(not available) V2.0: 6.8 MEDIUM |
| CVE-2005-3737 |
Buffer overflow in the SVG importer (style.cpp) of inkscape 0.41 through 0.42.2 might allow remote attackers to execute arbitrary code via a SVG file with long CSS style property values. Published: November 21, 2005; 7:03:00 PM -0500 |
V3.x:(not available) V2.0: 5.1 MEDIUM |