First published: Fri Jan 18 2013(Updated: )
The rasterization process in Inkscape before 0.48.4 allows local users to read arbitrary files via an external entity in a SVG file, aka an XML external entity (XXE) injection attack.
Credit: secalert@redhat.com secalert@redhat.com
Affected Software | Affected Version | How to fix |
---|---|---|
Inkscape Inkscape | <=0.48.3.1 | |
Inkscape Inkscape | =0.37 | |
Inkscape Inkscape | =0.38.1 | |
Inkscape Inkscape | =0.39 | |
Inkscape Inkscape | =0.40 | |
Inkscape Inkscape | =0.41 | |
Inkscape Inkscape | =0.42 | |
Inkscape Inkscape | =0.42.2 | |
Inkscape Inkscape | =0.43 | |
Inkscape Inkscape | =0.44 | |
Inkscape Inkscape | =0.44.1 | |
Inkscape Inkscape | =0.45.1 | |
Inkscape Inkscape | =0.46 | |
Inkscape Inkscape | =0.47 | |
Inkscape Inkscape | =0.47-pre0 | |
Inkscape Inkscape | =0.47-pre1 | |
Inkscape Inkscape | =0.47-pre2 | |
Inkscape Inkscape | =0.47-pre3 | |
Inkscape Inkscape | =0.47-pre4 | |
Inkscape Inkscape | =0.48 | |
Inkscape Inkscape | =0.48-pre0 | |
Inkscape Inkscape | =0.48-pre1 | |
Inkscape Inkscape | =0.48.1 | |
Inkscape Inkscape | =0.48.2 | |
Inkscape Inkscape | =0.48.3 | |
Inkscape Inkscape | <0.48.4 | |
Fedoraproject Fedora | =16 | |
Fedoraproject Fedora | =17 | |
Fedoraproject Fedora | =18 | |
Canonical Ubuntu Linux | =10.04 | |
Canonical Ubuntu Linux | =11.10 | |
Canonical Ubuntu Linux | =12.04 | |
Canonical Ubuntu Linux | =12.10 | |
openSUSE openSUSE | =11.4 | |
openSUSE openSUSE | =12.1 | |
openSUSE openSUSE | =12.2 |
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.