CVE-2005-3737

Severity

51%

Complexity

49%

Confidentiality

106%

Buffer overflow in the SVG importer (style.cpp) of inkscape 0.41 through 0.42.2 might allow remote attackers to execute arbitrary code via a SVG file with long CSS style property values.

Buffer overflow in the SVG importer (style.cpp) of inkscape 0.41 through 0.42.2 might allow remote attackers to execute arbitrary code via a SVG file with long CSS style property values.

CVSS 2.0 Base Score 5.1. CVSS Attack Vector: network. CVSS Attack Complexity: high. CVSS Vector: (AV:N/AC:H/Au:N/C:P/I:P/A:P).

Overview

Type

inkscape

First reported 19 years ago

2005-11-22 00:03:00

Last updated 13 years ago

2011-03-08 02:27:00

Affected Software

inkscape 0.41

0.41

inkscape 0.42

0.42

inkscape 0.42.2

0.42.2

References

http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=330894

http://cvs.sourceforge.net/viewcvs.py/inkscape/inkscape/src/style.cpp?r1=1.110&r2=1.110.2.1

17651

Vendor Advisory

17662

Patch, Vendor Advisory

17778

17882

58

DSA-916

GLSA-200511-22

SUSE-SR:2005:028

15507

Exploit, Patch

USN-217-1

ADV-2005-2511

Stay updated

ExploitPedia is constantly evolving. Sign up to receive a notification when we release additional functionality.

Get in touch

If you'd like to report a bug or have any suggestions for improvements then please do get in touch with us using this form. We will get back to you as soon as we can.