Launchpad CVE tracker

CVE 2012-5656

The rasterization process in Inkscape before 0.48.4 allows local users to read arbitrary files via an external entity in a SVG file, aka an XML external entity (XXE) injection attack.

Related bugs and status

CVE-2012-5656 (Candidate) is related to these bugs:

Bug #1025185: XXE vulnerability during rasterization of SVG images

Summary				In	Importance	Status
	1025185	XXE vulnerability during rasterization of SVG images		Inkscape	Critical	Fix Released
	1025185	XXE vulnerability during rasterization of SVG images		inkscape (Debian)	Unknown	Fix Released

Bug #1106182: Please merge Inkscape 0.48.4-0.1 (main) from Debian experimental main

Summary				In	Importance	Status
	1106182	Please merge Inkscape 0.48.4-0.1 (main) from Debian experimental main		inkscape (Ubuntu)	Wishlist	Fix Released

Bug #1416676: Unable to open certain openclipart files

Summary				In	Importance	Status
	1416676	Unable to open certain openclipart files		Inkscape	Undecided	New
	1416676	Unable to open certain openclipart files		inkscape (Debian)	Unknown	New

See the

CVE page on Mitre.org for more details.

Launchpad.net

CVE 2012-5656

References