Vulnerabilities (CVE)

Filtered by vendor Inkscape Subscribe
Total 9 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2005-3885 1 Inkscape 1 Inkscape 2024-11-21 2.1 LOW N/A
The ps2epsi extension shell script (ps2epsi.sh) in Inkscape before 0.41 allows local users to overwrite arbitrary files via a symlink attack on the tmpepsifile.epsi temporary file.
CVE-2005-3737 1 Inkscape 1 Inkscape 2024-11-21 5.1 MEDIUM N/A
Buffer overflow in the SVG importer (style.cpp) of inkscape 0.41 through 0.42.2 might allow remote attackers to execute arbitrary code via a SVG file with long CSS style property values.
CVE-2021-42700 1 Inkscape 1 Inkscape 2024-02-28 3.5 LOW 3.3 LOW
Inkscape 0.91 is vulnerable to an out-of-bounds read, which may allow an attacker to have access to unauthorized information.
CVE-2021-42702 1 Inkscape 1 Inkscape 2024-02-28 4.3 MEDIUM 3.3 LOW
Inkscape version 0.91 can access an uninitialized pointer, which may allow an attacker to have access to unauthorized information.
CVE-2021-42704 1 Inkscape 1 Inkscape 2024-02-28 6.8 MEDIUM 7.8 HIGH
Inkscape version 0.91 is vulnerable to an out-of-bounds write, which may allow an attacker to arbitrary execute code.
CVE-2012-6076 1 Inkscape 1 Inkscape 2024-02-28 4.4 MEDIUM N/A
Inkscape before 0.48.4 reads .eps files from /tmp instead of the current directory, which might cause Inkspace to process unintended files, allow local users to obtain sensitive information, and possibly have other unspecified impacts.
CVE-2012-5656 4 Canonical, Fedoraproject, Inkscape and 1 more 4 Ubuntu Linux, Fedora, Inkscape and 1 more 2024-02-28 2.1 LOW 5.5 MEDIUM
The rasterization process in Inkscape before 0.48.4 allows local users to read arbitrary files via an external entity in a SVG file, aka an XML external entity (XXE) injection attack.
CVE-2007-1463 2 Inkscape, Ubuntu 2 Inkscape, Ubuntu Linux 2024-02-28 6.8 MEDIUM N/A
Format string vulnerability in Inkscape before 0.45.1 allows user-assisted remote attackers to execute arbitrary code via format string specifiers in a URI, which is not properly handled by certain dialogs.
CVE-2007-1464 1 Inkscape 1 Inkscape 2024-02-28 6.8 MEDIUM N/A
Format string vulnerability in the whiteboard Jabber protocol in Inkscape before 0.45.1 allows user-assisted remote attackers to execute arbitrary code via unspecified vectors.