888249 – (CVE-2012-5656) CVE-2012-5656 inkscape: XXE via SVG rasterization

Bug 888249 (CVE-2012-5656) - CVE-2012-5656 inkscape: XXE via SVG rasterization

Summary: CVE-2012-5656 inkscape: XXE via SVG rasterization

Keywords:
Status:	CLOSED WONTFIX
Alias:	CVE-2012-5656
Product:	Security Response
Classification:	Other
Component:	vulnerability
Sub Component:
Version:	unspecified
Hardware:	All
OS:	Linux
Priority:	low
Severity:	low
Target Milestone:	---
Assignee:	Red Hat Product Security
QA Contact:
Docs Contact:
URL:
Whiteboard:
Depends On:	888252 888253
Blocks:	888299
TreeView+	depends on / blocked

Reported:	2012-12-18 11:58 UTC by Jan Lieskovsky
Modified:	2021-06-11 21:04 UTC (History)
CC List:	5 users (show)
Fixed In Version:
Doc Type:	Bug Fix
Doc Text:
Clone Of:
Environment:
Last Closed:	2021-06-11 21:04:49 UTC
Embargoed:

Attachments	(Terms of Use)
Local copy of the reproducer image (623 bytes, image/svg) 2012-12-18 12:00 UTC, Jan Lieskovsky	no flags	Details
View All

Description Jan Lieskovsky 2012-12-18 11:58:45 UTC

An XML eXternal Entity (XXE) flaw was found in the way Inkscape, a vector-based drawing program using SVG as its native file format performed rasterization of certain SVG images. A remote attacker could provide a specially-crafted SVG image that, when opened in inkscape would lead to arbitrary local file disclosure or denial of service.

References:
[1] https://bugs.launchpad.net/inkscape/+bug/1025185
[2] http://www.openwall.com/lists/oss-security/2012/12/17/6
[3] https://bugzilla.novell.com/show_bug.cgi?id=794958

Reproducer:
[4] https://bugs.launchpad.net/inkscape/+bug/1025185/comments/1

Comment 1 Jan Lieskovsky 2012-12-18 12:00:20 UTC

Created attachment 665463 [details]
Local copy of the reproducer image

(from https://bugs.launchpad.net/inkscape/+bug/1025185/comments/1)

Comment 2 Jan Lieskovsky 2012-12-18 12:02:01 UTC

This issue affects the version of the inkscape package, as shipped with Red Hat Enterprise Linux 6.

--

This issue affects the versions of the inkscape package, as shipped with Fedora release of 16 and 17. Please schedule an update (once there is final upstream patch available).

--

This issue affects the version of the inkscape package, as shipped with Fedora EPEL 5. Please schedule an update (once there is final upstream patch available).

Comment 3 Jan Lieskovsky 2012-12-18 12:03:13 UTC

Created inkscape tracking bugs for this issue

Affects: fedora-all [bug 888252]
Affects: epel-5 [bug 888253]

Comment 5 Jan Lieskovsky 2012-12-19 10:29:40 UTC

Upstream patch:
[5] http://bazaar.launchpad.net/~inkscape.dev/inkscape/trunk/revision/11931

Comment 6 Huzaifa S. Sidhpurwala 2012-12-20 05:58:27 UTC

This issue has been assigned CVE-2012-5656 via:
http://seclists.org/oss-sec/2012/q4/497

Comment 7 Fedora Update System 2012-12-23 04:36:54 UTC

inkscape-0.48.4-1.fc18 has been pushed to the Fedora 18 stable repository.  If problems still persist, please make note of it in this bug report.

Comment 8 Fedora Update System 2013-01-05 06:48:35 UTC

inkscape-0.48.4-1.fc17 has been pushed to the Fedora 17 stable repository.  If problems still persist, please make note of it in this bug report.

Comment 9 Fedora Update System 2013-01-05 06:54:42 UTC

inkscape-0.48.4-1.fc16 has been pushed to the Fedora 16 stable repository.  If problems still persist, please make note of it in this bug report.

Comment 14 Product Security DevOps Team 2021-06-11 21:04:49 UTC

This bug is now closed. Further updates for individual products will be reflected on the CVE page(s):

https://access.redhat.com/security/cve/cve-2012-5656

Note You need to log in before you can comment on or make changes to this bug.