Red Hat Bugzilla – Bug 891331
CVE-2012-6076 inkscape: Reads .eps files from /tmp instead of current working directory
Last modified: 2015-07-31 02:56:16 EDT
An untrusted directory search path vulnerability was found in the way Inkscape, a vector graphics editor, using the W3C standard Scalable Vector Graphics (SVG) file format, loaded EPS (Encapsulated PostScript) files. A local attacker could use this flaw to execute arbitrary PostScript code with the privileges of the user running the inkscape executable.
https://bugs.launchpad.net/inkscape/+bug/911146/comments/2 (but see also subsequent comments wrt the patch regression)
This issue affects the version of the inkscape package, as shipped with Red Hat Enterprise Linux 6.
This issue affects the versions of the inkscape package, as shipped with Fedora releases 16 and 17. Please schedule an update.
This issue affects the version of the inkscape package, as shipped with Fedora EPEL 5. Please schedule an update.
Created inkscape tracking bugs for this issue
Affects: fedora-all [bug 891335]
Affects: epel-5 [bug 891336]
This issue affects the version of inkscape as shipped with Red Hat Enterprise Linux 6. The Red Hat Security Response Team has rated this issue as having low security impact; a future update may address this flaw.
My reading of 911146 is that 0.48.4 is not affected, which would cover all of Fedora. I'll look at a patch for 0.46 for EL-5.