Published: 21/03/2007 Updated: 16/10/2018
CVSS v2 Base Score: 6.8 | Impact Score: 6.4 | Exploitability Score: 8.6
VMScore: 605
Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P

Vulnerability Summary

Format string vulnerability in Inkscape before 0.45.1 allows user-assisted remote attackers to execute arbitrary code via format string specifiers in a URI, which is not properly handled by certain dialogs.

Affected Products

Vendor: Inkscape | Product: Inkscape | Versions: 0.40, 0.41, 0.42, 0.42.1, 0.42.2, 0.43, 0.44

Vendor Advisories

A flaw was discovered in Inkscape’s use of format strings. If a user were tricked into opening a specially crafted URI in Inkscape, a remote attacker could execute arbitrary code with user privileges ...