Vulnerabilities > CVE-2012-5656 - XXE vulnerability in multiple products

CVSS 5.5 - MEDIUM

Attack vector

LOCAL

Attack complexity

LOW

Privileges required

LOW

Confidentiality impact

HIGH

Integrity impact

NONE

Availability impact

NONE

local

low complexity

nessus

NVD

Published: 2013-01-18

Updated: 2024-02-15

Summary

The rasterization process in Inkscape before 0.48.4 allows local users to read arbitrary files via an external entity in a SVG file, aka an XML external entity (XXE) injection attack.

Vulnerable Configurations

Part	Description	Count
Application	Inkscape Inkscape Inkscape 0.37 Inkscape Inkscape 0.38.1 Inkscape Inkscape 0.39 Inkscape Inkscape 0.40 Inkscape Inkscape 0.41 Inkscape Inkscape 0.42 Inkscape Inkscape 0.42.2 Inkscape Inkscape 0.43 Inkscape Inkscape 0.44 Inkscape Inkscape 0.44.1 Inkscape Inkscape 0.45.1 Inkscape Inkscape 0.46 Inkscape Inkscape 0.47 Inkscape Inkscape 0.48 Inkscape Inkscape 0.48.1 Inkscape Inkscape 0.48.2 Inkscape Inkscape 0.48.3 Inkscape Inkscape 0.48.3.1	25
OS	Fedoraproject Fedoraproject Fedora 17 Fedoraproject Fedora 16 Fedoraproject Fedora 18	3
OS	Canonical Canonical Ubuntu Linux 11.10 Canonical Ubuntu Linux 12.10 Canonical Ubuntu Linux 10.04 Canonical Ubuntu Linux 12.04	4
OS	Opensuse Opensuse Opensuse 11.4 Opensuse Opensuse 12.2 Opensuse Opensuse 12.1	3

Common Weakness Enumeration (CWE)

CWE-611 - Improper Restriction of XML External Entity Reference ('XXE')

Nessus

NASL family	SuSE Local Security Checks
NASL id	OPENSUSE-2013-118.NASL
description	Inkscape was updated to fix two security issues : - inkscape occasionaly tries to open EPS files from /tmp (bnc#796306, CVE-2012-6076). - inkscape could load XML from external hosts (bnc#794958, CWE-827, CVE-2012-5656).
last seen	2020-06-05
modified	2014-06-13
plugin id	74889
published	2014-06-13
reporter	This script is Copyright (C) 2014-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
source	https://www.tenable.com/plugins/nessus/74889
title	openSUSE Security Update : inkscape (openSUSE-SU-2013:0294-1)
code	#%NASL_MIN_LEVEL 80502 # # (C) Tenable Network Security, Inc. # # The descriptive text and package checks in this plugin were # extracted from openSUSE Security Update openSUSE-2013-118. # # The text description of this plugin is (C) SUSE LLC. # include("compat.inc"); if (description) { script_id(74889); script_version("1.3"); script_set_attribute(attribute:"plugin_modification_date", value:"2020/06/04"); script_cve_id("CVE-2012-5656", "CVE-2012-6076"); script_name(english:"openSUSE Security Update : inkscape (openSUSE-SU-2013:0294-1)"); script_summary(english:"Check for the openSUSE-2013-118 patch"); script_set_attribute( attribute:"synopsis", value:"The remote openSUSE host is missing a security update." ); script_set_attribute( attribute:"description", value: "Inkscape was updated to fix two security issues : - inkscape occasionaly tries to open EPS files from /tmp (bnc#796306, CVE-2012-6076). - inkscape could load XML from external hosts (bnc#794958, CWE-827, CVE-2012-5656)." ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.novell.com/show_bug.cgi?id=794958" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.novell.com/show_bug.cgi?id=796306" ); script_set_attribute( attribute:"see_also", value:"https://lists.opensuse.org/opensuse-updates/2013-02/msg00041.html" ); script_set_attribute( attribute:"solution", value:"Update the affected inkscape packages." ); script_set_cvss_base_vector("CVSS2#AV:L/AC:M/Au:N/C:P/I:P/A:P"); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:inkscape"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:inkscape-debuginfo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:inkscape-debugsource"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:inkscape-extensions-dia"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:inkscape-extensions-extra"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:inkscape-extensions-fig"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:inkscape-extensions-gimp"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:inkscape-extensions-skencil"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:inkscape-lang"); script_set_attribute(attribute:"cpe", value:"cpe:/o:novell:opensuse:12.1"); script_set_attribute(attribute:"cpe", value:"cpe:/o:novell:opensuse:12.2"); script_set_attribute(attribute:"patch_publication_date", value:"2013/02/06"); script_set_attribute(attribute:"plugin_publication_date", value:"2014/06/13"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_copyright(english:"This script is Copyright (C) 2014-2020 and is owned by Tenable, Inc. or an Affiliate thereof."); script_family(english:"SuSE Local Security Checks"); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/local_checks_enabled", "Host/SuSE/release", "Host/SuSE/rpm-list", "Host/cpu"); exit(0); } include("audit.inc"); include("global_settings.inc"); include("rpm.inc"); if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); release = get_kb_item("Host/SuSE/release"); if (isnull(release) \|\| release =~ "^(SLED\|SLES)") audit(AUDIT_OS_NOT, "openSUSE"); if (release !~ "^(SUSE12\.1\|SUSE12\.2)$") audit(AUDIT_OS_RELEASE_NOT, "openSUSE", "12.1 / 12.2", release); if (!get_kb_item("Host/SuSE/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING); ourarch = get_kb_item("Host/cpu"); if (!ourarch) audit(AUDIT_UNKNOWN_ARCH); if (ourarch !~ "^(i586\|i686\|x86_64)$") audit(AUDIT_ARCH_NOT, "i586 / i686 / x86_64", ourarch); flag = 0; if ( rpm_check(release:"SUSE12.1", reference:"inkscape-0.48.2-2.4.1") ) flag++; if ( rpm_check(release:"SUSE12.1", reference:"inkscape-debuginfo-0.48.2-2.4.1") ) flag++; if ( rpm_check(release:"SUSE12.1", reference:"inkscape-debugsource-0.48.2-2.4.1") ) flag++; if ( rpm_check(release:"SUSE12.1", reference:"inkscape-extensions-dia-0.48.2-2.4.1") ) flag++; if ( rpm_check(release:"SUSE12.1", reference:"inkscape-extensions-extra-0.48.2-2.4.1") ) flag++; if ( rpm_check(release:"SUSE12.1", reference:"inkscape-extensions-fig-0.48.2-2.4.1") ) flag++; if ( rpm_check(release:"SUSE12.1", reference:"inkscape-extensions-gimp-0.48.2-2.4.1") ) flag++; if ( rpm_check(release:"SUSE12.1", reference:"inkscape-extensions-skencil-0.48.2-2.4.1") ) flag++; if ( rpm_check(release:"SUSE12.1", reference:"inkscape-lang-0.48.2-2.4.1") ) flag++; if ( rpm_check(release:"SUSE12.2", reference:"inkscape-0.48.3.1-5.9.1") ) flag++; if ( rpm_check(release:"SUSE12.2", reference:"inkscape-debuginfo-0.48.3.1-5.9.1") ) flag++; if ( rpm_check(release:"SUSE12.2", reference:"inkscape-debugsource-0.48.3.1-5.9.1") ) flag++; if ( rpm_check(release:"SUSE12.2", reference:"inkscape-extensions-dia-0.48.3.1-5.9.1") ) flag++; if ( rpm_check(release:"SUSE12.2", reference:"inkscape-extensions-extra-0.48.3.1-5.9.1") ) flag++; if ( rpm_check(release:"SUSE12.2", reference:"inkscape-extensions-fig-0.48.3.1-5.9.1") ) flag++; if ( rpm_check(release:"SUSE12.2", reference:"inkscape-extensions-gimp-0.48.3.1-5.9.1") ) flag++; if ( rpm_check(release:"SUSE12.2", reference:"inkscape-extensions-skencil-0.48.3.1-5.9.1") ) flag++; if ( rpm_check(release:"SUSE12.2", reference:"inkscape-lang-0.48.3.1-5.9.1") ) flag++; if (flag) { if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get()); else security_warning(0); exit(0); } else { tested = pkg_tests_get(); if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested); else audit(AUDIT_PACKAGE_NOT_INSTALLED, "inkscape"); }

NASL family	Fedora Local Security Checks
NASL id	FEDORA_2012-20643.NASL
description	Fix XXE flaw, man page ownership. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
last seen	2020-03-17
modified	2012-12-24
plugin id	63330
published	2012-12-24
reporter	This script is Copyright (C) 2012-2020 Tenable Network Security, Inc.
source	https://www.tenable.com/plugins/nessus/63330
title	Fedora 18 : inkscape-0.48.4-1.fc18 (2012-20643)

NASL family	Fedora Local Security Checks
NASL id	FEDORA_2012-20621.NASL
description	Fix XXE flaw, man page ownership. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
last seen	2020-03-17
modified	2013-01-07
plugin id	63390
published	2013-01-07
reporter	This script is Copyright (C) 2013-2020 Tenable Network Security, Inc.
source	https://www.tenable.com/plugins/nessus/63390
title	Fedora 16 : inkscape-0.48.4-1.fc16 (2012-20621)

NASL family	SuSE Local Security Checks
NASL id	SUSE_INKSCAPE-8471.NASL
description	inkscape has been updated to fix a XXE (Xml eXternal Entity) attack during rasterization of SVG images. (CVE-2012-5656), where the rendering of malicious SVG images could have connected from inkscape to internal hosts.
last seen	2020-06-05
modified	2013-02-27
plugin id	64908
published	2013-02-27
reporter	This script is Copyright (C) 2013-2020 Tenable Network Security, Inc.
source	https://www.tenable.com/plugins/nessus/64908
title	SuSE 10 Security Update : inkscape (ZYPP Patch Number 8471)

NASL family	SuSE Local Security Checks
NASL id	SUSE_SU-2013-0350-1.NASL
description	inkscape has been updated to fix a XXE (Xml eXternal Entity) attack during rasterization of SVG images. (CVE-2012-5656), where the rendering of malicious SVG images could have connected from inkscape to internal hosts. Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
last seen	2020-06-05
modified	2015-05-20
plugin id	83576
published	2015-05-20
reporter	This script is Copyright (C) 2015-2020 Tenable Network Security, Inc.
source	https://www.tenable.com/plugins/nessus/83576
title	SUSE SLED10 Security Update : inkscape (SUSE-SU-2013:0350-1)

NASL family	Fedora Local Security Checks
NASL id	FEDORA_2012-20620.NASL
description	Fix XXE flaw, man page ownership. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
last seen	2020-03-17
modified	2013-01-07
plugin id	63389
published	2013-01-07
reporter	This script is Copyright (C) 2013-2020 Tenable Network Security, Inc.
source	https://www.tenable.com/plugins/nessus/63389
title	Fedora 17 : inkscape-0.48.4-1.fc17 (2012-20620)

NASL family	Ubuntu Local Security Checks
NASL id	UBUNTU_USN-1712-1.NASL
description	It was discoverd that Inkscape incorrectly handled XML external entities in SVG files. If a user were tricked into opening a specially crafted SVG file, Inkscape could possibly include external files in drawings, resulting in information disclosure. (CVE-2012-5656) It was discovered that Inkscape attempted to open certain files from the /tmp directory instead of the current directory. A local attacker could trick a user into opening a different file than the one that was intended. This issue only applied to Ubuntu 11.10, Ubuntu 12.04 LTS and Ubuntu 12.10. (CVE-2012-6076). Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
last seen	2020-06-01
modified	2020-06-02
plugin id	64375
published	2013-01-31
reporter	Ubuntu Security Notice (C) 2013-2019 Canonical, Inc. / NASL script (C) 2013-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
source	https://www.tenable.com/plugins/nessus/64375
title	Ubuntu 10.04 LTS / 11.10 / 12.04 LTS / 12.10 : inkscape vulnerabilities (USN-1712-1)

NASL family	SuSE Local Security Checks
NASL id	SUSE_11_INKSCAPE-130220.NASL
description	inkscape was updated to fix a XXE (Xml eXternal Entity) attack during rasterization of SVG images (CVE-2012-5656), where the rendering of malicious SVG images could have connected from inkscape to internal hosts. Also inkscape would have loaded .EPS files from untrusted /tmp occasionaly instead from the current directory. (CVE-2012-6076)
last seen	2020-06-05
modified	2013-02-27
plugin id	64906
published	2013-02-27
reporter	This script is Copyright (C) 2013-2020 Tenable Network Security, Inc.
source	https://www.tenable.com/plugins/nessus/64906
title	SuSE 11.2 Security Update : inkscape (SAT Patch Number 7380)

Summary

Vulnerable Configurations

Common Weakness Enumeration (CWE)

Nessus

References