The rasterization process in Inkscape before 0.48.4 allows local users to read arbitrary files via an external entity in a SVG file, aka an XML external entity (XXE) injection attack.

Threat-Mapped Scoring

Score: 0.0

Priority: Unclassified

EPSS

Score: 0.00052
Percentile: 0.161

CVSS Scoring

Mapped CWE(s)

• CWE-611 : Improper Restriction of XML External Entity Reference

All CAPEC(s)

CAPEC(s) with Mapped TTPs

Mapped ATT&CK TTPs

Affected Products

• cpe:2.3:a:inkscape:inkscape:*:*:*:*:*:*:*:*
• cpe:2.3:o:fedoraproject:fedora:16:*:*:*:*:*:*:*
• cpe:2.3:o:fedoraproject:fedora:17:*:*:*:*:*:*:*
• cpe:2.3:o:fedoraproject:fedora:18:*:*:*:*:*:*:*
• cpe:2.3:o:canonical:ubuntu_linux:10.04:*:*:*:-:*:*:*
• cpe:2.3:o:canonical:ubuntu_linux:11.10:*:*:*:*:*:*:*
• cpe:2.3:o:canonical:ubuntu_linux:12.04:*:*:*:-:*:*:*
• cpe:2.3:o:canonical:ubuntu_linux:12.10:*:*:*:*:*:*:*
• cpe:2.3:o:opensuse:opensuse:11.4:*:*:*:*:*:*:*
• cpe:2.3:o:opensuse:opensuse:12.1:*:*:*:*:*:*:*
• cpe:2.3:o:opensuse:opensuse:12.2:*:*:*:*:*:*:*

← Back to Home