Inkscape Malicious URI Format String Vulnerability
BID:23070
Info
Inkscape Malicious URI Format String Vulnerability
| Bugtraq ID: | 23070 |
| Class: | Input Validation Error |
| CVE: |
CVE-2007-1463 |
| Remote: | Yes |
| Local: | No |
| Published: | Mar 20 2007 12:00AM |
| Updated: | May 17 2007 05:48AM |
| Credit: | The vendor disclosed this issue. |
| Vulnerable: |
Ubuntu Ubuntu Linux 5.10 sparc Ubuntu Ubuntu Linux 5.10 powerpc Ubuntu Ubuntu Linux 5.10 i386 Ubuntu Ubuntu Linux 5.10 amd64 Ubuntu Ubuntu Linux 6.10 sparc Ubuntu Ubuntu Linux 6.10 powerpc Ubuntu Ubuntu Linux 6.10 i386 Ubuntu Ubuntu Linux 6.10 amd64 Ubuntu Ubuntu Linux 6.06 LTS sparc Ubuntu Ubuntu Linux 6.06 LTS powerpc Ubuntu Ubuntu Linux 6.06 LTS i386 Ubuntu Ubuntu Linux 6.06 LTS amd64 rPath rPath Linux 1 Pardus Linux 2007.1 Mandriva Linux Mandrake 2007.0 x86_64 Mandriva Linux Mandrake 2007.0 Inkscape Inkscape 0.44 Inkscape Inkscape 0.43 Inkscape Inkscape 0.42 Inkscape Inkscape 0.41 Inkscape Inkscape 0.40 Gentoo Linux Foresight Linux Foresight Linux 1.1 |
| Not Vulnerable: | |
Discussion
Inkscape Malicious URI Format String Vulnerability
Inkscape is prone to a format-string vulnerability.
This issue presents itself because the application fails to properly sanitize user-supplied input before passing it as the format specifier to a formatted-printing function.
A successful attack may crash the application or possibly lead to arbitrary code execution. This may facilitate unauthorized access or privilege escalation in the context of the user running the application.
Inkscape is prone to a format-string vulnerability.
This issue presents itself because the application fails to properly sanitize user-supplied input before passing it as the format specifier to a formatted-printing function.
A successful attack may crash the application or possibly lead to arbitrary code execution. This may facilitate unauthorized access or privilege escalation in the context of the user running the application.
Exploit / POC
Inkscape Malicious URI Format String Vulnerability
Currently we are not aware of any exploits for this issue. If you feel we are in error or if you are aware of more recent information, please mail us at: mailto:[email protected].
Currently we are not aware of any exploits for this issue. If you feel we are in error or if you are aware of more recent information, please mail us at: mailto:[email protected].
Solution / Fix
Inkscape Malicious URI Format String Vulnerability
Solution:
The vendor has released fixes to address this issue; please see the reference section for details.
Inkscape Inkscape 0.42
Inkscape Inkscape 0.43
Inkscape Inkscape 0.44
Solution:
The vendor has released fixes to address this issue; please see the reference section for details.
Inkscape Inkscape 0.42
-
Ubuntu inkscape_0.42-1ubuntu0.2_amd64.deb
Ubuntu 5.10:
http://security.ubuntu.com/ubuntu/pool/main/i/inkscape/inkscape_0.42-1 ubuntu0.2_amd64.deb -
Ubuntu inkscape_0.42-1ubuntu0.2_i386.deb
Ubuntu 5.10:
http://security.ubuntu.com/ubuntu/pool/main/i/inkscape/inkscape_0.42-1 ubuntu0.2_i386.deb -
Ubuntu inkscape_0.42-1ubuntu0.2_powerpc.deb
Ubuntu 5.10:
http://security.ubuntu.com/ubuntu/pool/main/i/inkscape/inkscape_0.42-1 ubuntu0.2_powerpc.deb -
Ubuntu inkscape_0.42-1ubuntu0.2_sparc.deb
Ubuntu 5.10:
http://security.ubuntu.com/ubuntu/pool/main/i/inkscape/inkscape_0.42-1 ubuntu0.2_sparc.deb
Inkscape Inkscape 0.43
-
Ubuntu inkscape_0.43-4ubuntu3.1_amd64.deb
Ubuntu 6.06 LTS:
http://security.ubuntu.com/ubuntu/pool/main/i/inkscape/inkscape_0.43-4 ubuntu3.1_amd64.deb -
Ubuntu inkscape_0.43-4ubuntu3.1_i386.deb
Ubuntu 6.06 LTS:
http://security.ubuntu.com/ubuntu/pool/main/i/inkscape/inkscape_0.43-4 ubuntu3.1_i386.deb -
Ubuntu inkscape_0.43-4ubuntu3.1_powerpc.deb
Ubuntu 6.06 LTS:
http://security.ubuntu.com/ubuntu/pool/main/i/inkscape/inkscape_0.43-4 ubuntu3.1_powerpc.deb -
Ubuntu inkscape_0.43-4ubuntu3.1_sparc.deb
Ubuntu 6.06 LTS:
http://security.ubuntu.com/ubuntu/pool/main/i/inkscape/inkscape_0.43-4 ubuntu3.1_sparc.deb
Inkscape Inkscape 0.44
-
Mandriva inkscape-0.44-4.1mdv2007.0.i586.rpm
Mandriva Linux 2007.0:
http://www.mandriva.com/en/download -
Mandriva inkscape-0.44-4.1mdv2007.0.x86_64.rpm
Mandriva Linux 2007.0/X86_64:
http://www.mandriva.com/en/download -
Ubuntu inkscape_0.44-1ubuntu2.1_amd64.deb
Ubuntu 6.10:
http://security.ubuntu.com/ubuntu/pool/main/i/inkscape/inkscape_0.44-1 ubuntu2.1_amd64.deb -
Ubuntu inkscape_0.44-1ubuntu2.1_i386.deb
Ubuntu 6.10:
http://security.ubuntu.com/ubuntu/pool/main/i/inkscape/inkscape_0.44-1 ubuntu2.1_i386.deb -
Ubuntu inkscape_0.44-1ubuntu2.1_powerpc.deb
Ubuntu 6.10:
http://security.ubuntu.com/ubuntu/pool/main/i/inkscape/inkscape_0.44-1 ubuntu2.1_powerpc.deb -
Ubuntu inkscape_0.44-1ubuntu2.1_sparc.deb
Ubuntu 6.10:
http://security.ubuntu.com/ubuntu/pool/main/i/inkscape/inkscape_0.44-1 ubuntu2.1_sparc.deb
References
Inkscape Malicious URI Format String Vulnerability
References:
References:
- inkscape remote arbitrary code execution CVE-2007-146{3,4} (Foresight Linux)
- Vendor Homepage (Inkscape)
- FLEA-2007-0002-1: inkscape (Foresight Linux Essential Announcement Service