CVE-2012-5656

Description

The rasterization process in Inkscape before 0.48.4 allows local users to read arbitrary files via an external entity in a SVG file, aka an XML external entity (XXE) injection attack.

Affected packages (1)

• Debian/inkscapefrom 0, < 0.48.3.1-1.2

CVSS scores

References (1)

• ADVISORYhttps://security-tracker.debian.org/tracker/CVE-2012-5656