GLSA
Advocate
Joined: 12 May 2004
Posts: 2663
|
 Posted: Mon Nov 28, 2005 10:23 am Post subject: [ GLSA 200511-22 ] Inkscape: Buffer overflow |
 |
|
Gentoo Linux Security Advisory
Title: Inkscape: Buffer overflow (GLSA 200511-22)
Severity: normal
Exploitable: remote
Date: November 28, 2005
Bug(s): #109993
ID: 200511-22
Synopsis
A vulnerability has been identified that allows a specially crafted SVG file to exploit a buffer overflow and potentially execute arbitrary code when opened.
Background
Inkscape is an Open Source vector graphics editor using the W3C standard Scalable Vector Graphics (SVG) file format.
Affected Packages
Package: media-gfx/inkscape
Vulnerable: < 0.43
Unaffected: >= 0.43
Architectures: All supported architectures
Description
Joxean Koret has discovered that Inkscape incorrectly allocates memory when opening an SVG file, creating the possibility of a buffer overflow if the SVG file being opened is specially crafted.
Impact
An attacker could entice a user into opening a maliciously crafted SVG file, allowing for the execution of arbitrary code on a machine with the privileges of the user running Inkscape.
Workaround
There is no known workaround at this time.
Resolution
All Inkscape users should upgrade to the latest version: | Code: | # emerge --sync
# emerge --ask --oneshot --verbose ">=media-gfx/inkscape-0.43" |
References
CVE-2005-3737
Last edited by GLSA on Sun May 07, 2006 4:59 pm; edited 1 time in total |
|
News & Announcements
