Upstream information

CVE-2012-5656 at MITRE

Description

The rasterization process in Inkscape before 0.48.4 allows local users to read arbitrary files via an external entity in a SVG file, aka an XML external entity (XXE) injection attack.

SUSE information

CVSS v2 Scores
  National Vulnerability Database
Base Score 2.11
Vector AV:L/AC:L/Au:N/C:P/I:N/A:N
Access Vector Local
Access Complexity Low
Authentication None
Confidentiality Impact Partial
Integrity Impact None
Availability Impact None
SUSE Bugzilla entry: 794958 [RESOLVED / FIXED]

SUSE Security Advisories:

List of released packages

Product(s) Fixed package version(s) References
SUSE Linux Enterprise Desktop 11 SP2
  • inkscape >= 0.46-62.38.1
  • inkscape-extensions-dia >= 0.46-62.38.1
  • inkscape-extensions-extra >= 0.46-62.38.1
  • inkscape-extensions-fig >= 0.46-62.38.1
  • inkscape-extensions-gimp >= 0.46-62.38.1
  • inkscape-lang >= 0.46-62.38.1
Patchnames:
sledsp2-inkscape
SUSE Linux Enterprise Software Development Kit 11 SP2
  • inkscape >= 0.46-62.38.1
  • inkscape-extensions-dia >= 0.46-62.38.1
  • inkscape-extensions-extra >= 0.46-62.38.1
  • inkscape-extensions-fig >= 0.46-62.38.1
  • inkscape-extensions-gimp >= 0.46-62.38.1
  • inkscape-lang >= 0.46-62.38.1
Patchnames:
sdksp2-inkscape
SUSE Linux Enterprise Desktop 11 SP2
SUSE Linux Enterprise Software Development Kit 11 SP2
  • inkscape >= 0.46-62.38.1
  • inkscape-extensions-dia >= 0.46-62.38.1
  • inkscape-extensions-extra >= 0.46-62.38.1
  • inkscape-extensions-fig >= 0.46-62.38.1
  • inkscape-extensions-gimp >= 0.46-62.38.1
  • inkscape-lang >= 0.46-62.38.1
Builds
SAT Patch Nr: 7380
SLE SDK 10 SP4 for IBM iSeries and IBM pSeries
SLE SDK 10 SP4 for IBM zSeries
SLE SDK 10 SP4 for IPF
SLE SDK 10 SP4 for X86-64
SLE SDK 10 SP4 for x86
SUSE Linux Enterprise Desktop 10 SP4 for AMD64 and Intel EM64T
SUSE Linux Enterprise Desktop 10 SP4 for x86
  • inkscape >= 0.43-20.22.1
Builds
ZYPP Patch Nr: 8471
openSUSE Evergreen 11.4
  • inkscape >= 0.48.1-8.1
  • inkscape-debuginfo >= 0.48.1-8.1
  • inkscape-debugsource >= 0.48.1-8.1
  • inkscape-extensions-dia >= 0.48.1-8.1
  • inkscape-extensions-extra >= 0.48.1-8.1
  • inkscape-extensions-fig >= 0.48.1-8.1
  • inkscape-extensions-gimp >= 0.48.1-8.1
  • inkscape-extensions-skencil >= 0.48.1-8.1
  • inkscape-lang >= 0.48.1-8.1
Patchnames:
2013-26