Описание
A local file disclosure vulnerability in the XInclude processing component of Inkscape 1.1 before 1.3 allows a remote attacker to read local files via a crafted SVG file containing malicious xi:include tags.
Пакеты
| Пакет | Статус | Версия исправления | Релиз | Тип |
|---|---|---|---|---|
| inkscape | fixed | 1.4-4 | package | |
| inkscape | not-affected | bullseye | package |
Примечания
https://gitlab.com/inkscape/inkscape/-/work_items/3557
https://gitlab.com/inkscape/inkscape/-/merge_requests/5269
Fixed by: https://gitlab.com/inkscape/inkscape/-/commit/5b7e540900ebdfa6a5d6c5475193f5025160dbc5 (INKSCAPE_1_3)
EPSS
Связанные уязвимости
A local file disclosure vulnerability in the XInclude processing component of Inkscape 1.1 before 1.3 allows a remote attacker to read local files via a crafted SVG file containing malicious xi:include tags.
A local file disclosure vulnerability in the XInclude processing component of Inkscape 1.1 before 1.3 allows a remote attacker to read local files via a crafted SVG file containing malicious xi:include tags.
A local file disclosure vulnerability in the XInclude processing component of Inkscape 1.1 before 1.3 allows a remote attacker to read local files via a crafted SVG file containing malicious xi:include tags.
A local file disclosure vulnerability in the XInclude processing component of Inkscape 1.1 before 1.3 allows a remote attacker to read local files via a crafted SVG file containing malicious xi:include tags.
EPSS