The rasterization process in Inkscape prior to 0.48.4 allows local users to read arbitrary files via an external entity in a SVG file, aka an XML external entity (XXE) injection attack.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
inkscape inkscape |
||
fedoraproject fedora 17 |
||
fedoraproject fedora 16 |
||
fedoraproject fedora 18 |
||
canonical ubuntu linux 11.10 |
||
canonical ubuntu linux 12.10 |
||
canonical ubuntu linux 10.04 |
||
canonical ubuntu linux 12.04 |
||
opensuse opensuse 11.4 |
||
opensuse opensuse 12.2 |
||
opensuse opensuse 12.1 |