Red Hat Bugzilla – Full Text Bug Listing
|Summary:||CVE-2012-5656 inkscape: XXE via SVG rasterization|
|Product:||[Other] Security Response||Reporter:||Jan Lieskovsky <jlieskov>|
|Component:||vulnerability||Assignee:||Red Hat Product Security <security-response-team>|
|Status:||NEW ---||QA Contact:|
|Version:||unspecified||CC:||aca21, ddumas, duffy, jspaleta, limburgher, lkundrak|
|Fixed In Version:||Doc Type:||Bug Fix|
|Doc Text:||Story Points:||---|
|oVirt Team:||---||RHEL 7.3 requirements from Atomic Host:|
|Bug Depends On:||888252, 888253|
Description Jan Lieskovsky 2012-12-18 06:58:45 EST
An XML eXternal Entity (XXE) flaw was found in the way Inkscape, a vector-based drawing program using SVG as its native file format performed rasterization of certain SVG images. A remote attacker could provide a specially-crafted SVG image that, when opened in inkscape would lead to arbitrary local file disclosure or denial of service. References:  https://bugs.launchpad.net/inkscape/+bug/1025185  http://www.openwall.com/lists/oss-security/2012/12/17/6  https://bugzilla.novell.com/show_bug.cgi?id=794958 Reproducer:  https://bugs.launchpad.net/inkscape/+bug/1025185/comments/1
Comment 1 Jan Lieskovsky 2012-12-18 07:00:20 EST
Created attachment 665463 [details] Local copy of the reproducer image (from https://bugs.launchpad.net/inkscape/+bug/1025185/comments/1)
Comment 2 Jan Lieskovsky 2012-12-18 07:02:01 EST
This issue affects the version of the inkscape package, as shipped with Red Hat Enterprise Linux 6. -- This issue affects the versions of the inkscape package, as shipped with Fedora release of 16 and 17. Please schedule an update (once there is final upstream patch available). -- This issue affects the version of the inkscape package, as shipped with Fedora EPEL 5. Please schedule an update (once there is final upstream patch available).
Comment 3 Jan Lieskovsky 2012-12-18 07:03:13 EST
Created inkscape tracking bugs for this issue Affects: fedora-all [bug 888252] Affects: epel-5 [bug 888253]
Comment 4 Huzaifa S. Sidhpurwala 2012-12-18 22:57:39 EST
Statement: This issue affects the version of inkscape as shipped with Red Hat Enterprise Linux 6. The Red Hat Security Response Team has rated this issue as having low security impact, a future update may address this flaw.
Comment 5 Jan Lieskovsky 2012-12-19 05:29:40 EST
Upstream patch:  http://bazaar.launchpad.net/~inkscape.dev/inkscape/trunk/revision/11931
Comment 6 Huzaifa S. Sidhpurwala 2012-12-20 00:58:27 EST
This issue has been assigned CVE-2012-5656 via: http://seclists.org/oss-sec/2012/q4/497
Comment 7 Fedora Update System 2012-12-22 23:36:54 EST
inkscape-0.48.4-1.fc18 has been pushed to the Fedora 18 stable repository. If problems still persist, please make note of it in this bug report.
Comment 8 Fedora Update System 2013-01-05 01:48:35 EST
inkscape-0.48.4-1.fc17 has been pushed to the Fedora 17 stable repository. If problems still persist, please make note of it in this bug report.
Comment 9 Fedora Update System 2013-01-05 01:54:42 EST
inkscape-0.48.4-1.fc16 has been pushed to the Fedora 16 stable repository. If problems still persist, please make note of it in this bug report.