Vulnerabilities > CVE-2007-1463 - Unspecified vulnerability in Inkscape
Attack vector
NETWORK Attack complexity
MEDIUM Privileges required
NONE Confidentiality impact
PARTIAL Integrity impact
PARTIAL Availability impact
PARTIAL Summary
Format string vulnerability in Inkscape before 0.45.1 allows user-assisted remote attackers to execute arbitrary code via format string specifiers in a URI, which is not properly handled by certain dialogs.
Vulnerable Configurations
| Part | Description | Count |
|---|---|---|
| OS | 4 | |
| Application | 7 |
Nessus
NASL family SuSE Local Security Checks NASL id SUSE_INKSCAPE-3061.NASL description Several format string problems where fixed in inkscape. - A format string vulnerability in Inkscape allows user-assisted remote attackers to execute arbitrary code via format string specifiers in a URI, which is not properly handled by certain dialogs. (CVE-2007-1463) - Format string vulnerability in the whiteboard Jabber protocol in Inkscape allows user-assisted remote attackers to execute arbitrary code via unspecified vectors. (CVE-2007-1464) last seen 2020-06-01 modified 2020-06-02 plugin id 29465 published 2007-12-13 reporter This script is Copyright (C) 2007-2019 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/29465 title SuSE 10 Security Update : inkscape (ZYPP Patch Number 3061) code #%NASL_MIN_LEVEL 80502 # # (C) Tenable Network Security, Inc. # # The text description of this plugin is (C) Novell, Inc. # include("compat.inc"); if (description) { script_id(29465); script_version ("1.11"); script_cvs_date("Date: 2019/10/25 13:36:30"); script_cve_id("CVE-2007-1463", "CVE-2007-1464"); script_name(english:"SuSE 10 Security Update : inkscape (ZYPP Patch Number 3061)"); script_summary(english:"Checks rpm output for the updated package"); script_set_attribute( attribute:"synopsis", value:"The remote SuSE 10 host is missing a security-related patch." ); script_set_attribute( attribute:"description", value: "Several format string problems where fixed in inkscape. - A format string vulnerability in Inkscape allows user-assisted remote attackers to execute arbitrary code via format string specifiers in a URI, which is not properly handled by certain dialogs. (CVE-2007-1463) - Format string vulnerability in the whiteboard Jabber protocol in Inkscape allows user-assisted remote attackers to execute arbitrary code via unspecified vectors. (CVE-2007-1464)" ); script_set_attribute( attribute:"see_also", value:"http://support.novell.com/security/cve/CVE-2007-1463.html" ); script_set_attribute( attribute:"see_also", value:"http://support.novell.com/security/cve/CVE-2007-1464.html" ); script_set_attribute(attribute:"solution", value:"Apply ZYPP patch number 3061."); script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P"); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"cpe:/o:suse:suse_linux"); script_set_attribute(attribute:"patch_publication_date", value:"2007/04/05"); script_set_attribute(attribute:"plugin_publication_date", value:"2007/12/13"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_copyright(english:"This script is Copyright (C) 2007-2019 Tenable Network Security, Inc."); script_family(english:"SuSE Local Security Checks"); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/local_checks_enabled", "Host/cpu", "Host/SuSE/release", "Host/SuSE/rpm-list"); exit(0); } include("global_settings.inc"); include("rpm.inc"); if (!get_kb_item("Host/local_checks_enabled")) exit(0, "Local checks are not enabled."); if (!get_kb_item("Host/SuSE/release")) exit(0, "The host is not running SuSE."); if (!get_kb_item("Host/SuSE/rpm-list")) exit(1, "Could not obtain the list of installed packages."); cpu = get_kb_item("Host/cpu"); if (isnull(cpu)) exit(1, "Failed to determine the architecture type."); if (cpu >!< "x86_64" && cpu !~ "^i[3-6]86$") exit(1, "Local checks for SuSE 10 on the '"+cpu+"' architecture have not been implemented."); flag = 0; if (rpm_check(release:"SLED10", sp:0, reference:"inkscape-0.43-20.5.3")) flag++; if (flag) { if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get()); else security_warning(0); exit(0); } else exit(0, "The host is not affected.");NASL family Ubuntu Local Security Checks NASL id UBUNTU_USN-438-1.NASL description A flaw was discovered in Inkscape last seen 2020-06-01 modified 2020-06-02 plugin id 28034 published 2007-11-10 reporter Ubuntu Security Notice (C) 2007-2019 Canonical, Inc. / NASL script (C) 2018 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/28034 title Ubuntu 5.10 / 6.06 LTS / 6.10 : inkscape vulnerability (USN-438-1) code #%NASL_MIN_LEVEL 80502 # # (C) Tenable Network Security, Inc. # # The descriptive text and package checks in this plugin were # extracted from Ubuntu Security Notice USN-438-1. The text # itself is copyright (C) Canonical, Inc. See # <http://www.ubuntu.com/usn/>. Ubuntu(R) is a registered # trademark of Canonical, Inc. # include("compat.inc"); if (description) { script_id(28034); script_version("1.14"); script_cvs_date("Date: 2019/08/02 13:33:01"); script_cve_id("CVE-2007-1463", "CVE-2007-1464"); script_xref(name:"USN", value:"438-1"); script_name(english:"Ubuntu 5.10 / 6.06 LTS / 6.10 : inkscape vulnerability (USN-438-1)"); script_summary(english:"Checks dpkg output for updated package."); script_set_attribute( attribute:"synopsis", value:"The remote Ubuntu host is missing a security-related patch." ); script_set_attribute( attribute:"description", value: "A flaw was discovered in Inkscape's use of format strings. If a user were tricked into opening a specially crafted URI in Inkscape, a remote attacker could execute arbitrary code with user privileges. Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues." ); script_set_attribute( attribute:"see_also", value:"https://usn.ubuntu.com/438-1/" ); script_set_attribute( attribute:"solution", value:"Update the affected inkscape package." ); script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P"); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:inkscape"); script_set_attribute(attribute:"cpe", value:"cpe:/o:canonical:ubuntu_linux:5.10"); script_set_attribute(attribute:"cpe", value:"cpe:/o:canonical:ubuntu_linux:6.06:-:lts"); script_set_attribute(attribute:"cpe", value:"cpe:/o:canonical:ubuntu_linux:6.10"); script_set_attribute(attribute:"patch_publication_date", value:"2007/03/20"); script_set_attribute(attribute:"plugin_publication_date", value:"2007/11/10"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_copyright(english:"Ubuntu Security Notice (C) 2007-2019 Canonical, Inc. / NASL script (C) 2018 and is owned by Tenable, Inc. or an Affiliate thereof."); script_family(english:"Ubuntu Local Security Checks"); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/cpu", "Host/Ubuntu", "Host/Ubuntu/release", "Host/Debian/dpkg-l"); exit(0); } include("audit.inc"); include("ubuntu.inc"); include("misc_func.inc"); if ( ! get_kb_item("Host/local_checks_enabled") ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); release = get_kb_item("Host/Ubuntu/release"); if ( isnull(release) ) audit(AUDIT_OS_NOT, "Ubuntu"); release = chomp(release); if (! ereg(pattern:"^(5\.10|6\.06|6\.10)$", string:release)) audit(AUDIT_OS_NOT, "Ubuntu 5.10 / 6.06 / 6.10", "Ubuntu " + release); if ( ! get_kb_item("Host/Debian/dpkg-l") ) audit(AUDIT_PACKAGE_LIST_MISSING); cpu = get_kb_item("Host/cpu"); if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH); if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Ubuntu", cpu); flag = 0; if (ubuntu_check(osver:"5.10", pkgname:"inkscape", pkgver:"0.42-1ubuntu0.2")) flag++; if (ubuntu_check(osver:"6.06", pkgname:"inkscape", pkgver:"0.43-4ubuntu3.1")) flag++; if (ubuntu_check(osver:"6.10", pkgname:"inkscape", pkgver:"0.44-1ubuntu2.1")) flag++; if (flag) { security_report_v4( port : 0, severity : SECURITY_WARNING, extra : ubuntu_report_get() ); exit(0); } else { tested = ubuntu_pkg_tests_get(); if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested); else audit(AUDIT_PACKAGE_NOT_INSTALLED, "inkscape"); }NASL family SuSE Local Security Checks NASL id SUSE_INKSCAPE-3062.NASL description Several format string problems where fixed in inkscape. CVE-2007-1463: A format string vulnerability in Inkscape allows user-assisted remote attackers to execute arbitrary code via format string specifiers in a URI, which is not properly handled by certain dialogs. CVE-2007-1464: Format string vulnerability in the whiteboard Jabber protocol in Inkscape allows user-assisted remote attackers to execute arbitrary code via unspecified vectors. last seen 2020-06-01 modified 2020-06-02 plugin id 27272 published 2007-10-17 reporter This script is Copyright (C) 2007-2019 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/27272 title openSUSE 10 Security Update : inkscape (inkscape-3062) code #%NASL_MIN_LEVEL 80502 # # (C) Tenable Network Security, Inc. # # The descriptive text and package checks in this plugin were # extracted from openSUSE Security Update inkscape-3062. # # The text description of this plugin is (C) SUSE LLC. # include("compat.inc"); if (description) { script_id(27272); script_version ("1.12"); script_cvs_date("Date: 2019/10/25 13:36:30"); script_cve_id("CVE-2007-1463", "CVE-2007-1464"); script_name(english:"openSUSE 10 Security Update : inkscape (inkscape-3062)"); script_summary(english:"Check for the inkscape-3062 patch"); script_set_attribute( attribute:"synopsis", value:"The remote openSUSE host is missing a security update." ); script_set_attribute( attribute:"description", value: "Several format string problems where fixed in inkscape. CVE-2007-1463: A format string vulnerability in Inkscape allows user-assisted remote attackers to execute arbitrary code via format string specifiers in a URI, which is not properly handled by certain dialogs. CVE-2007-1464: Format string vulnerability in the whiteboard Jabber protocol in Inkscape allows user-assisted remote attackers to execute arbitrary code via unspecified vectors." ); script_set_attribute( attribute:"solution", value:"Update the affected inkscape package." ); script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P"); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:inkscape"); script_set_attribute(attribute:"cpe", value:"cpe:/o:novell:opensuse:10.1"); script_set_attribute(attribute:"cpe", value:"cpe:/o:novell:opensuse:10.2"); script_set_attribute(attribute:"patch_publication_date", value:"2007/04/05"); script_set_attribute(attribute:"plugin_publication_date", value:"2007/10/17"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_copyright(english:"This script is Copyright (C) 2007-2019 Tenable Network Security, Inc."); script_family(english:"SuSE Local Security Checks"); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/local_checks_enabled", "Host/SuSE/release", "Host/SuSE/rpm-list", "Host/cpu"); exit(0); } include("audit.inc"); include("global_settings.inc"); include("rpm.inc"); if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); release = get_kb_item("Host/SuSE/release"); if (isnull(release) || release =~ "^(SLED|SLES)") audit(AUDIT_OS_NOT, "openSUSE"); if (release !~ "^(SUSE10\.1|SUSE10\.2)$") audit(AUDIT_OS_RELEASE_NOT, "openSUSE", "10.1 / 10.2", release); if (!get_kb_item("Host/SuSE/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING); ourarch = get_kb_item("Host/cpu"); if (!ourarch) audit(AUDIT_UNKNOWN_ARCH); if (ourarch !~ "^(i586|i686|x86_64)$") audit(AUDIT_ARCH_NOT, "i586 / i686 / x86_64", ourarch); flag = 0; if ( rpm_check(release:"SUSE10.1", reference:"inkscape-0.43-20.5.3") ) flag++; if ( rpm_check(release:"SUSE10.2", reference:"inkscape-0.44.1-26.2") ) flag++; if (flag) { if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get()); else security_warning(0); exit(0); } else { tested = pkg_tests_get(); if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested); else audit(AUDIT_PACKAGE_NOT_INSTALLED, "inkscape"); }NASL family Gentoo Local Security Checks NASL id GENTOO_GLSA-200704-10.NASL description The remote host is affected by the vulnerability described in GLSA-200704-10 (Inkscape: Two format string vulnerabilities) Kees Cook has discovered two vulnerabilities in Inkscape. The application does not properly handle format string specifiers in some dialog boxes. Inkscape is also vulnerable to another format string error in its Jabber whiteboard protocol. Impact : A remote attacker could entice a user to open a specially crafted URI, possibly leading to execution of arbitrary code with the privileges of the user running Inkscape. Workaround : There is no known workaround at this time. last seen 2020-06-01 modified 2020-06-02 plugin id 25055 published 2007-04-19 reporter This script is Copyright (C) 2007-2019 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/25055 title GLSA-200704-10 : Inkscape: Two format string vulnerabilities code #%NASL_MIN_LEVEL 80502 # # (C) Tenable Network Security, Inc. # # The descriptive text and package checks in this plugin were # extracted from Gentoo Linux Security Advisory GLSA 200704-10. # # The advisory text is Copyright (C) 2001-2015 Gentoo Foundation, Inc. # and licensed under the Creative Commons - Attribution / Share Alike # license. See http://creativecommons.org/licenses/by-sa/3.0/ # include("compat.inc"); if (description) { script_id(25055); script_version("1.13"); script_cvs_date("Date: 2019/08/02 13:32:44"); script_cve_id("CVE-2007-1463", "CVE-2007-1464"); script_xref(name:"GLSA", value:"200704-10"); script_name(english:"GLSA-200704-10 : Inkscape: Two format string vulnerabilities"); script_summary(english:"Checks for updated package(s) in /var/db/pkg"); script_set_attribute( attribute:"synopsis", value: "The remote Gentoo host is missing one or more security-related patches." ); script_set_attribute( attribute:"description", value: "The remote host is affected by the vulnerability described in GLSA-200704-10 (Inkscape: Two format string vulnerabilities) Kees Cook has discovered two vulnerabilities in Inkscape. The application does not properly handle format string specifiers in some dialog boxes. Inkscape is also vulnerable to another format string error in its Jabber whiteboard protocol. Impact : A remote attacker could entice a user to open a specially crafted URI, possibly leading to execution of arbitrary code with the privileges of the user running Inkscape. Workaround : There is no known workaround at this time." ); script_set_attribute( attribute:"see_also", value:"https://security.gentoo.org/glsa/200704-10" ); script_set_attribute( attribute:"solution", value: "All Inkscape users should upgrade to the latest version: # emerge --sync # emerge --ask --oneshot --verbose '>=media-gfx/inkscape-0.45.1'" ); script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P"); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:gentoo:linux:inkscape"); script_set_attribute(attribute:"cpe", value:"cpe:/o:gentoo:linux"); script_set_attribute(attribute:"patch_publication_date", value:"2007/04/16"); script_set_attribute(attribute:"plugin_publication_date", value:"2007/04/19"); script_set_attribute(attribute:"vuln_publication_date", value:"2007/03/22"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_copyright(english:"This script is Copyright (C) 2007-2019 Tenable Network Security, Inc."); script_family(english:"Gentoo Local Security Checks"); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/local_checks_enabled", "Host/Gentoo/release", "Host/Gentoo/qpkg-list"); exit(0); } include("audit.inc"); include("global_settings.inc"); include("qpkg.inc"); if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); if (!get_kb_item("Host/Gentoo/release")) audit(AUDIT_OS_NOT, "Gentoo"); if (!get_kb_item("Host/Gentoo/qpkg-list")) audit(AUDIT_PACKAGE_LIST_MISSING); flag = 0; if (qpkg_check(package:"media-gfx/inkscape", unaffected:make_list("ge 0.45.1"), vulnerable:make_list("lt 0.45.1"))) flag++; if (flag) { if (report_verbosity > 0) security_warning(port:0, extra:qpkg_report_get()); else security_warning(0); exit(0); } else { tested = qpkg_tests_get(); if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested); else audit(AUDIT_PACKAGE_NOT_INSTALLED, "Inkscape"); }NASL family Mandriva Local Security Checks NASL id MANDRAKE_MDKSA-2007-069.NASL description Format string vulnerability in Inkscape before 0.45.1 allows user-assisted remote attackers to execute arbitrary code via format string specifiers in a URI, which is not properly handled by certain dialogs. Updated packages have been patched to address this issue. last seen 2020-06-01 modified 2020-06-02 plugin id 24895 published 2007-03-26 reporter This script is Copyright (C) 2007-2019 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/24895 title Mandrake Linux Security Advisory : inkscape (MDKSA-2007:069) code #%NASL_MIN_LEVEL 80502 # # (C) Tenable Network Security, Inc. # # The descriptive text and package checks in this plugin were # extracted from Mandrake Linux Security Advisory MDKSA-2007:069. # The text itself is copyright (C) Mandriva S.A. # include("compat.inc"); if (description) { script_id(24895); script_version ("1.15"); script_cvs_date("Date: 2019/08/02 13:32:49"); script_cve_id("CVE-2007-1463", "CVE-2007-1464"); script_xref(name:"MDKSA", value:"2007:069"); script_name(english:"Mandrake Linux Security Advisory : inkscape (MDKSA-2007:069)"); script_summary(english:"Checks rpm output for the updated package"); script_set_attribute( attribute:"synopsis", value:"The remote Mandrake Linux host is missing a security update." ); script_set_attribute( attribute:"description", value: "Format string vulnerability in Inkscape before 0.45.1 allows user-assisted remote attackers to execute arbitrary code via format string specifiers in a URI, which is not properly handled by certain dialogs. Updated packages have been patched to address this issue." ); script_set_attribute( attribute:"solution", value:"Update the affected inkscape package." ); script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P"); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:inkscape"); script_set_attribute(attribute:"cpe", value:"cpe:/o:mandriva:linux:2007"); script_set_attribute(attribute:"patch_publication_date", value:"2007/03/22"); script_set_attribute(attribute:"plugin_publication_date", value:"2007/03/26"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_copyright(english:"This script is Copyright (C) 2007-2019 Tenable Network Security, Inc."); script_family(english:"Mandriva Local Security Checks"); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/local_checks_enabled", "Host/cpu", "Host/Mandrake/release", "Host/Mandrake/rpm-list"); exit(0); } include("audit.inc"); include("global_settings.inc"); include("rpm.inc"); if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); if (!get_kb_item("Host/Mandrake/release")) audit(AUDIT_OS_NOT, "Mandriva / Mandake Linux"); if (!get_kb_item("Host/Mandrake/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING); cpu = get_kb_item("Host/cpu"); if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH); if (cpu !~ "^(amd64|i[3-6]86|x86_64)$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Mandriva / Mandrake Linux", cpu); flag = 0; if (rpm_check(release:"MDK2007.0", reference:"inkscape-0.44-4.1mdv2007.0", yank:"mdv")) flag++; if (flag) { if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get()); else security_warning(0); exit(0); } else audit(AUDIT_HOST_NOT, "affected");
References
- http://secunia.com/advisories/24584
- http://secunia.com/advisories/24597
- http://secunia.com/advisories/24615
- http://secunia.com/advisories/24661
- http://secunia.com/advisories/24859
- http://secunia.com/advisories/25072
- http://sourceforge.net/project/shownotes.php?group_id=93438&release_id=495106
- http://www.gentoo.org/security/en/glsa/glsa-200704-10.xml
- http://www.mandriva.com/security/advisories?name=MDKSA-2007:069
- http://www.novell.com/linux/security/advisories/2007_8_sr.html
- http://www.securityfocus.com/archive/1/463710/100/0/threaded
- http://www.securityfocus.com/bid/23070
- http://www.securityfocus.com/bid/23138
- http://www.ubuntu.com/usn/usn-438-1
- http://www.vupen.com/english/advisories/2007/1059
- https://exchange.xforce.ibmcloud.com/vulnerabilities/33163
- https://issues.rpath.com/browse/RPL-1170