VDB
CVE-2012-5656
CVE-2012-5656
PUBLISHED
CVSS 5.5 MEDIUM
The rasterization process in Inkscape before 0.48.4 allows local users to read arbitrary files via an external entity in a SVG file, aka an XML external entity (XXE) injection attack.
EPSS 0.05% · 16.5th percentile
Risk Scores
CVSS 3.1
5.5
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
EPSS Score
0.05%
16.5th percentile
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| inkscape | inkscape | 0 |
| fedoraproject | fedora | 16, 18, 17 |
| canonical | ubuntu_linux | 10.04, 11.10, 12.04 |
| n/a | n/a | n/a |
| opensuse | opensuse | 12.2, 12.1, 11.4 |
Timeline
- Jan 18, 2013 CVE Published
- Feb 4, 2022 EPSS Score
- Mar 29, 2022 EPSS Score
- May 20, 2022 EPSS Score
- Jul 12, 2022 EPSS Score
- Sep 4, 2022 EPSS Score
- Oct 26, 2022 EPSS Score
- Dec 18, 2022 EPSS Score
- Feb 9, 2023 EPSS Score
- Mar 7, 2023 EPSS Score
- Apr 2, 2023 EPSS Score
- May 25, 2023 EPSS Score
References
- [oss-security] 20121219 Re: CVE request: Inkscape fixes a XXE vulnerability during rasterization of SVG images mailing-list
- FEDORA-2012-20620 vendor-advisory
- http://bazaar.launchpad.net/~inkscape.dev/inkscape/trunk/revision/11931 url
- USN-1712-1 vendor-advisory
- https://launchpad.net/inkscape/+milestone/0.48.4 url
- 56965 vdb
- https://bugs.launchpad.net/inkscape/+bug/1025185 url
- FEDORA-2012-20621 vendor-advisory
- openSUSE-SU-2013:0294 vendor-advisory
- openSUSE-SU-2013:0297 vendor-advisory
- FEDORA-2012-20643 vendor-advisory
- https://nvd.nist.gov/vuln/detail/CVE-2012-5656 advisory