InkscapeCVEs & Vulnerabilities

9 CVEs affecting Inkscape products, tracked from the National Vulnerability Database, with CVSS/EPSS scores and exploitation status.

Most Affected Products

inkscape 35
CVE-2021-42704HIGH

Inkscape version 0.91 is vulnerable to an out-of-bounds write, which may allow an attacker to arbitrary execute code.

18 May 2022
7.8
CVSS
CVE-2021-42702LOW

Inkscape version 0.91 can access an uninitialized pointer, which may allow an attacker to have access to unauthorized information.

18 May 2022
3.3
CVSS
CVE-2021-42700LOW

Inkscape 0.91 is vulnerable to an out-of-bounds read, which may allow an attacker to have access to unauthorized information.

18 May 2022
3.3
CVSS
CVE-2012-6076MEDIUM

Inkscape before 0.48.4 reads .eps files from /tmp instead of the current directory, which might cause Inkspace to process unintended files, allow local users to obtain sensitive information, and possibly have other unspecified impacts.

13 Mar 2013
4.4
CVSS
CVE-2012-5656MEDIUM

The rasterization process in Inkscape before 0.48.4 allows local users to read arbitrary files via an external entity in a SVG file, aka an XML external entity (XXE) injection attack.

18 Jan 2013
5.5
CVSS
CVE-2007-1463MEDIUM

Format string vulnerability in Inkscape before 0.45.1 allows user-assisted remote attackers to execute arbitrary code via format string specifiers in a URI, which is not properly handled by certain dialogs.

21 Mar 2007
6.8
CVSS
CVE-2007-1464MEDIUM

Format string vulnerability in the whiteboard Jabber protocol in Inkscape before 0.45.1 allows user-assisted remote attackers to execute arbitrary code via unspecified vectors.

21 Mar 2007
6.8
CVSS
CVE-2005-3885LOW

The ps2epsi extension shell script (ps2epsi.sh) in Inkscape before 0.41 allows local users to overwrite arbitrary files via a symlink attack on the tmpepsifile.epsi temporary file.

29 Nov 2005
2.1
CVSS
CVE-2005-3737MEDIUMpoc

Buffer overflow in the SVG importer (style.cpp) of inkscape 0.41 through 0.42.2 might allow remote attackers to execute arbitrary code via a SVG file with long CSS style property values.

22 Nov 2005
5.1
CVSS
← PrevPage 1 / 1Next →