CVE-2012-6076
Severity CVSS v4.0:
Pending analysis
Type:
CWE-264
Permissions, Privileges, and Access Control
Publication date:
12/03/2013
Last modified:
18/03/2013
Description
Inkscape before 0.48.4 reads .eps files from /tmp instead of the current directory, which might cause Inkspace to process unintended files, allow local users to obtain sensitive information, and possibly have other unspecified impacts.
Impact
Base Score 2.0
4.40
Severity 2.0
MEDIUM
Vulnerable products and versions
| CPE | From | Up to |
|---|---|---|
| cpe:2.3:a:inkscape:inkscape:*:*:*:*:*:*:*:* | 0.48.3.1 (including) | |
| cpe:2.3:a:inkscape:inkscape:0.37:*:*:*:*:*:*:* | ||
| cpe:2.3:a:inkscape:inkscape:0.38.1:*:*:*:*:*:*:* | ||
| cpe:2.3:a:inkscape:inkscape:0.39:*:*:*:*:*:*:* | ||
| cpe:2.3:a:inkscape:inkscape:0.40:*:*:*:*:*:*:* | ||
| cpe:2.3:a:inkscape:inkscape:0.41:*:*:*:*:*:*:* | ||
| cpe:2.3:a:inkscape:inkscape:0.42:*:*:*:*:*:*:* | ||
| cpe:2.3:a:inkscape:inkscape:0.42.2:*:*:*:*:*:*:* | ||
| cpe:2.3:a:inkscape:inkscape:0.43:*:*:*:*:*:*:* | ||
| cpe:2.3:a:inkscape:inkscape:0.44:*:*:*:*:*:*:* | ||
| cpe:2.3:a:inkscape:inkscape:0.44.1:*:*:*:*:*:*:* | ||
| cpe:2.3:a:inkscape:inkscape:0.45.1:*:*:*:*:*:*:* | ||
| cpe:2.3:a:inkscape:inkscape:0.46:*:*:*:*:*:*:* | ||
| cpe:2.3:a:inkscape:inkscape:0.47:*:*:*:*:*:*:* | ||
| cpe:2.3:a:inkscape:inkscape:0.47:pre0:*:*:*:*:*:* |
To consult the complete list of CPE names with products and versions, see this page
References to Advisories, Solutions, and Tools
- http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=654341
- http://lists.opensuse.org/opensuse-updates/2013-02/msg00041.html
- http://lists.opensuse.org/opensuse-updates/2013-02/msg00043.html
- http://www.openwall.com/lists/oss-security/2012/12/30/2
- http://www.ubuntu.com/usn/USN-1712-1
- https://bugs.launchpad.net/inkscape/+bug/911146