Bug 2088221 (CVE-2021-42704)

Summary: CVE-2021-42704 inkscape: out-of-bounds write vulnerbility in inkscape
Product: [Other] Security Response Reporter: Sandipan Roy <saroy>
Component: vulnerabilityAssignee: Nobody <nobody>
Status: NEW --- QA Contact:
Severity: medium Docs Contact:
Priority: medium    
Version: unspecifiedCC: duffy, gwync, jhorak, jonathan.underwood, lkundrak, rlerch, stransky
Target Milestone: ---Keywords: Security
Target Release: ---   
Hardware: All   
OS: Linux   
Fixed In Version: Doc Type: No Doc Update
Doc Text:
A flaw was found in Inkscape, which is vulnerable to an out-of-bounds write. This flaw allows an attacker to execute arbitrary code.
Story Points: ---
Clone Of: Environment:
Last Closed: Type: ---
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Bug Depends On: 2096831, 2096832, 2096833, 2096834, 2096835, 2096836    
Bug Blocks: 2088223    

Description Sandipan Roy 2022-05-19 03:51:15 UTC
Inkscape version 0.19 is vulnerable to an out-of-bounds write, which may allow an attacker to arbitrary execute code.


Comment 1 Sandipan Roy 2022-06-14 11:58:34 UTC
Created inkscape tracking bugs for this issue:

Affects: fedora-all [bug 2096831]

Comment 3 Jan Horak 2022-08-04 14:17:38 UTC
We have inkscape 0.92 in the RHEL, so since this affects 0.91 I don't think we are affected, or do you think otherwise?