Inkscape: >> Inkscape >> 0.41 Security Vulnerabilities
Inkscape before 0.48.4 reads .eps files from /tmp instead of the current directory, which might cause Inkspace to process unintended files, allow local users to obtain sensitive information, and possibly have other unspecified impacts.
CVSS Score
4.4
EPSS Score
0.001
Published
2013-03-12
The rasterization process in Inkscape before 0.48.4 allows local users to read arbitrary files via an external entity in a SVG file, aka an XML external entity (XXE) injection attack.
CVSS Score
5.5
EPSS Score
0.002
Published
2013-01-18
Format string vulnerability in Inkscape before 0.45.1 allows user-assisted remote attackers to execute arbitrary code via format string specifiers in a URI, which is not properly handled by certain dialogs.
CVSS Score
6.8
EPSS Score
0.085
Published
2007-03-21
Format string vulnerability in the whiteboard Jabber protocol in Inkscape before 0.45.1 allows user-assisted remote attackers to execute arbitrary code via unspecified vectors.
CVSS Score
6.8
EPSS Score
0.069
Published
2007-03-21
The ps2epsi extension shell script (ps2epsi.sh) in Inkscape before 0.41 allows local users to overwrite arbitrary files via a symlink attack on the tmpepsifile.epsi temporary file.
CVSS Score
2.1
EPSS Score
0.001
Published
2005-11-29
Buffer overflow in the SVG importer (style.cpp) of inkscape 0.41 through 0.42.2 might allow remote attackers to execute arbitrary code via a SVG file with long CSS style property values.
CVSS Score
5.1
EPSS Score
0.281
Published
2005-11-22