Vulnerability Details CVE-2012-6076
Inkscape before 0.48.4 reads .eps files from /tmp instead of the current directory, which might cause Inkspace to process unintended files, allow local users to obtain sensitive information, and possibly have other unspecified impacts.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.005
EPSS Ranking 38.0%
CVSS Severity
CVSS v2 Score 4.4
References
- http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=654341
- http://lists.opensuse.org/opensuse-updates/2013-02/msg00041.html
- http://lists.opensuse.org/opensuse-updates/2013-02/msg00043.html
- http://www.openwall.com/lists/oss-security/2012/12/30/2
- http://www.ubuntu.com/usn/USN-1712-1
- https://bugs.launchpad.net/inkscape/+bug/911146
- http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=654341
- http://lists.opensuse.org/opensuse-updates/2013-02/msg00041.html
- http://lists.opensuse.org/opensuse-updates/2013-02/msg00043.html
- http://www.openwall.com/lists/oss-security/2012/12/30/2
- http://www.ubuntu.com/usn/USN-1712-1
- https://bugs.launchpad.net/inkscape/+bug/911146
Products affected by CVE-2012-6076
-
cpe:2.3:a:inkscape:inkscape:0.37
-
cpe:2.3:a:inkscape:inkscape:0.38.1
-
cpe:2.3:a:inkscape:inkscape:0.39
-
cpe:2.3:a:inkscape:inkscape:0.40
-
cpe:2.3:a:inkscape:inkscape:0.41
-
cpe:2.3:a:inkscape:inkscape:0.42
-
cpe:2.3:a:inkscape:inkscape:0.42.2
-
cpe:2.3:a:inkscape:inkscape:0.43
-
cpe:2.3:a:inkscape:inkscape:0.44
-
cpe:2.3:a:inkscape:inkscape:0.44.1
-
cpe:2.3:a:inkscape:inkscape:0.45
-
cpe:2.3:a:inkscape:inkscape:0.45.1
-
cpe:2.3:a:inkscape:inkscape:0.46
-
cpe:2.3:a:inkscape:inkscape:0.47
-
cpe:2.3:a:inkscape:inkscape:0.48
-
cpe:2.3:a:inkscape:inkscape:0.48.1
-
cpe:2.3:a:inkscape:inkscape:0.48.2
-
cpe:2.3:a:inkscape:inkscape:0.48.3
-
cpe:2.3:a:inkscape:inkscape:0.48.3.1