Fluid Attacks Database

Description

The rasterization process in Inkscape before 0.48.4 allows local users to read arbitrary files via an external entity in a SVG file, aka an XML external entity (XXE) injection attack.

Mitigation

Update Impact

Minimal update. May introduce new vulnerabilities or breaking changes.

Ecosystem	Package	Affected version	Patched versions
debian 12	inkscape	>=0 <0.48.3.1-1.2	0.48.3.1-1.2
debian 13	inkscape	>=0 <0.48.3.1-1.2	0.48.3.1-1.2
debian 11	inkscape	>=0 <0.48.3.1-1.2	0.48.3.1-1.2
debian 14	inkscape	>=0 <0.48.3.1-1.2	0.48.3.1-1.2
rpm rhel6	inkscape	-	-

Aliases

1. CVE-2012-56562. NVD-2012-56563. OSV-DEBIAN-2012-56564. OSV-2012-56565. SECURITY-TRACKER-CVE-2012-5656

Does your application use this vulnerable software?

During the free trial, our tools assess your application, identify vulnerabilities, and provide recommendations for their remediation.