Posted: Mon Nov 28, 2005 10:23 am
Post subject: [ GLSA 200511-22 ] Inkscape: Buffer overflow
Gentoo Linux Security Advisory
Title: Inkscape: Buffer overflow (GLSA 200511-22)
Date: November 28, 2005
A vulnerability has been identified that allows a specially crafted SVG file to exploit a buffer overflow and potentially execute arbitrary code when opened.
Inkscape is an Open Source vector graphics editor using the W3C standard Scalable Vector Graphics (SVG) file format.
Vulnerable: < 0.43
Unaffected: >= 0.43
Architectures: All supported architectures
Joxean Koret has discovered that Inkscape incorrectly allocates memory when opening an SVG file, creating the possibility of a buffer overflow if the SVG file being opened is specially crafted.
An attacker could entice a user into opening a maliciously crafted SVG file, allowing for the execution of arbitrary code on a machine with the privileges of the user running Inkscape.
There is no known workaround at this time.
All Inkscape users should upgrade to the latest version:
# emerge --sync
# emerge --ask --oneshot --verbose ">=media-gfx/inkscape-0.43"
Last edited by GLSA on Sun May 07, 2006 4:59 pm; edited 1 time in total
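To confirm on a host that the upgrade took effect, the check below reads the Portage installed-package database and flags any media-gfx/inkscape older than 0.43. It is an added example, not part of the advisory; the function names, the /var/db/pkg default and the use of GNU sort -V are assumptions of this example.

```shell
#!/bin/sh
# Added example: report installed media-gfx/inkscape versions below the fixed 0.43.
# Assumes the standard Portage installed-package database layout
# (/var/db/pkg/<category>/<name>-<version>/) and GNU sort -V for ordering.
# Gentoo suffixes such as _pre or _rc are not handled; review those by hand.
# Usage: inkscape_status || echo "upgrade needed"

FIXED="0.43"   # first unaffected version, taken from the advisory

# ver_lt A B: succeed when version A sorts strictly before version B.
ver_lt() {
    [ "$1" != "$2" ] &&
        [ "$(printf '%s\n%s\n' "$1" "$2" | sort -V | head -n 1)" = "$1" ]
}

# inkscape_status [VDB_ROOT]: print one line per installed version and
# return 1 if any is vulnerable, 0 otherwise (including "not installed").
inkscape_status() {
    vdb="${1:-/var/db/pkg}"
    rc=0
    for dir in "$vdb"/media-gfx/inkscape-[0-9]*; do
        [ -d "$dir" ] || continue          # glob did not match: not installed
        pv="${dir##*/inkscape-}"           # e.g. 0.42.2-r1
        base="${pv%-r[0-9]*}"              # drop the Gentoo revision suffix
        if ver_lt "$base" "$FIXED"; then
            echo "VULNERABLE media-gfx/inkscape-$pv (< $FIXED)"
            rc=1
        else
            echo "ok media-gfx/inkscape-$pv"
        fi
    done
    return "$rc"
}
```

A non-zero return means at least one installed version still falls in the vulnerable range and the emerge command above should be run.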