Permissions, Privileges, and Access Controls in inkscape - CVE-2012-6076
Published: March 13, 2013 / Updated: August 11, 2020
Vulnerability identifier: #VU43010
CSH Severity: Medium
CVSSv4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:U/U:Green
CVE-ID: CVE-2012-6076
CWE-ID: CWE-264
Exploitation vector: Remote access
Exploit availability:
No public exploit available
Vulnerable software:
inkscape
inkscape
Software vendor:
inkscape.org
inkscape.org
Description
The vulnerability allows a remote non-authenticated attacker to read and manipulate data.
Inkscape before 0.48.4 reads .eps files from /tmp instead of the current directory, which might cause Inkspace to process unintended files, allow local users to obtain sensitive information, and possibly have other unspecified impacts.
Remediation
Install update from vendor's website.
External links
- http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=654341
- http://lists.opensuse.org/opensuse-updates/2013-02/msg00041.html
- http://lists.opensuse.org/opensuse-updates/2013-02/msg00043.html
- http://www.openwall.com/lists/oss-security/2012/12/30/2
- http://www.ubuntu.com/usn/USN-1712-1
- https://bugs.launchpad.net/inkscape/+bug/911146