Permissions, Privileges, and Access Controls in inkscape - CVE-2012-6076
Published: March 13, 2013 / Updated: August 11, 2020
inkscape
Detailed vulnerability description
The vulnerability allows a remote non-authenticated attacker to read and manipulate data.
Inkscape before 0.48.4 reads .eps files from /tmp instead of the current directory, which might cause Inkspace to process unintended files, allow local users to obtain sensitive information, and possibly have other unspecified impacts.
How to mitigate CVE-2012-6076
Sources
- http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=654341
- http://lists.opensuse.org/opensuse-updates/2013-02/msg00041.html
- http://lists.opensuse.org/opensuse-updates/2013-02/msg00043.html
- http://www.openwall.com/lists/oss-security/2012/12/30/2
- http://www.ubuntu.com/usn/USN-1712-1
- https://bugs.launchpad.net/inkscape/+bug/911146