Vulnerabilities > CVE-2012-5656 - XXE vulnerability in multiple products
Attack vector
LOCAL Attack complexity
LOW Privileges required
LOW Confidentiality impact
HIGH Integrity impact
NONE Availability impact
NONE Summary
The rasterization process in Inkscape before 0.48.4 allows local users to read arbitrary files via an external entity in a SVG file, aka an XML external entity (XXE) injection attack.
Vulnerable Configurations
Common Weakness Enumeration (CWE)
Nessus
NASL family SuSE Local Security Checks NASL id OPENSUSE-2013-118.NASL description Inkscape was updated to fix two security issues : - inkscape occasionaly tries to open EPS files from /tmp (bnc#796306, CVE-2012-6076). - inkscape could load XML from external hosts (bnc#794958, CWE-827, CVE-2012-5656). last seen 2020-06-05 modified 2014-06-13 plugin id 74889 published 2014-06-13 reporter This script is Copyright (C) 2014-2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/74889 title openSUSE Security Update : inkscape (openSUSE-SU-2013:0294-1) code #%NASL_MIN_LEVEL 80502 # # (C) Tenable Network Security, Inc. # # The descriptive text and package checks in this plugin were # extracted from openSUSE Security Update openSUSE-2013-118. # # The text description of this plugin is (C) SUSE LLC. # include("compat.inc"); if (description) { script_id(74889); script_version("1.3"); script_set_attribute(attribute:"plugin_modification_date", value:"2020/06/04"); script_cve_id("CVE-2012-5656", "CVE-2012-6076"); script_name(english:"openSUSE Security Update : inkscape (openSUSE-SU-2013:0294-1)"); script_summary(english:"Check for the openSUSE-2013-118 patch"); script_set_attribute( attribute:"synopsis", value:"The remote openSUSE host is missing a security update." ); script_set_attribute( attribute:"description", value: "Inkscape was updated to fix two security issues : - inkscape occasionaly tries to open EPS files from /tmp (bnc#796306, CVE-2012-6076). - inkscape could load XML from external hosts (bnc#794958, CWE-827, CVE-2012-5656)." ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.novell.com/show_bug.cgi?id=794958" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.novell.com/show_bug.cgi?id=796306" ); script_set_attribute( attribute:"see_also", value:"https://lists.opensuse.org/opensuse-updates/2013-02/msg00041.html" ); script_set_attribute( attribute:"solution", value:"Update the affected inkscape packages." ); script_set_cvss_base_vector("CVSS2#AV:L/AC:M/Au:N/C:P/I:P/A:P"); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:inkscape"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:inkscape-debuginfo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:inkscape-debugsource"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:inkscape-extensions-dia"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:inkscape-extensions-extra"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:inkscape-extensions-fig"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:inkscape-extensions-gimp"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:inkscape-extensions-skencil"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:inkscape-lang"); script_set_attribute(attribute:"cpe", value:"cpe:/o:novell:opensuse:12.1"); script_set_attribute(attribute:"cpe", value:"cpe:/o:novell:opensuse:12.2"); script_set_attribute(attribute:"patch_publication_date", value:"2013/02/06"); script_set_attribute(attribute:"plugin_publication_date", value:"2014/06/13"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_copyright(english:"This script is Copyright (C) 2014-2020 and is owned by Tenable, Inc. or an Affiliate thereof."); script_family(english:"SuSE Local Security Checks"); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/local_checks_enabled", "Host/SuSE/release", "Host/SuSE/rpm-list", "Host/cpu"); exit(0); } include("audit.inc"); include("global_settings.inc"); include("rpm.inc"); if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); release = get_kb_item("Host/SuSE/release"); if (isnull(release) || release =~ "^(SLED|SLES)") audit(AUDIT_OS_NOT, "openSUSE"); if (release !~ "^(SUSE12\.1|SUSE12\.2)$") audit(AUDIT_OS_RELEASE_NOT, "openSUSE", "12.1 / 12.2", release); if (!get_kb_item("Host/SuSE/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING); ourarch = get_kb_item("Host/cpu"); if (!ourarch) audit(AUDIT_UNKNOWN_ARCH); if (ourarch !~ "^(i586|i686|x86_64)$") audit(AUDIT_ARCH_NOT, "i586 / i686 / x86_64", ourarch); flag = 0; if ( rpm_check(release:"SUSE12.1", reference:"inkscape-0.48.2-2.4.1") ) flag++; if ( rpm_check(release:"SUSE12.1", reference:"inkscape-debuginfo-0.48.2-2.4.1") ) flag++; if ( rpm_check(release:"SUSE12.1", reference:"inkscape-debugsource-0.48.2-2.4.1") ) flag++; if ( rpm_check(release:"SUSE12.1", reference:"inkscape-extensions-dia-0.48.2-2.4.1") ) flag++; if ( rpm_check(release:"SUSE12.1", reference:"inkscape-extensions-extra-0.48.2-2.4.1") ) flag++; if ( rpm_check(release:"SUSE12.1", reference:"inkscape-extensions-fig-0.48.2-2.4.1") ) flag++; if ( rpm_check(release:"SUSE12.1", reference:"inkscape-extensions-gimp-0.48.2-2.4.1") ) flag++; if ( rpm_check(release:"SUSE12.1", reference:"inkscape-extensions-skencil-0.48.2-2.4.1") ) flag++; if ( rpm_check(release:"SUSE12.1", reference:"inkscape-lang-0.48.2-2.4.1") ) flag++; if ( rpm_check(release:"SUSE12.2", reference:"inkscape-0.48.3.1-5.9.1") ) flag++; if ( rpm_check(release:"SUSE12.2", reference:"inkscape-debuginfo-0.48.3.1-5.9.1") ) flag++; if ( rpm_check(release:"SUSE12.2", reference:"inkscape-debugsource-0.48.3.1-5.9.1") ) flag++; if ( rpm_check(release:"SUSE12.2", reference:"inkscape-extensions-dia-0.48.3.1-5.9.1") ) flag++; if ( rpm_check(release:"SUSE12.2", reference:"inkscape-extensions-extra-0.48.3.1-5.9.1") ) flag++; if ( rpm_check(release:"SUSE12.2", reference:"inkscape-extensions-fig-0.48.3.1-5.9.1") ) flag++; if ( rpm_check(release:"SUSE12.2", reference:"inkscape-extensions-gimp-0.48.3.1-5.9.1") ) flag++; if ( rpm_check(release:"SUSE12.2", reference:"inkscape-extensions-skencil-0.48.3.1-5.9.1") ) flag++; if ( rpm_check(release:"SUSE12.2", reference:"inkscape-lang-0.48.3.1-5.9.1") ) flag++; if (flag) { if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get()); else security_warning(0); exit(0); } else { tested = pkg_tests_get(); if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested); else audit(AUDIT_PACKAGE_NOT_INSTALLED, "inkscape"); }
NASL family Fedora Local Security Checks NASL id FEDORA_2012-20643.NASL description Fix XXE flaw, man page ownership. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. last seen 2020-03-17 modified 2012-12-24 plugin id 63330 published 2012-12-24 reporter This script is Copyright (C) 2012-2020 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/63330 title Fedora 18 : inkscape-0.48.4-1.fc18 (2012-20643) NASL family Fedora Local Security Checks NASL id FEDORA_2012-20621.NASL description Fix XXE flaw, man page ownership. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. last seen 2020-03-17 modified 2013-01-07 plugin id 63390 published 2013-01-07 reporter This script is Copyright (C) 2013-2020 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/63390 title Fedora 16 : inkscape-0.48.4-1.fc16 (2012-20621) NASL family SuSE Local Security Checks NASL id SUSE_INKSCAPE-8471.NASL description inkscape has been updated to fix a XXE (Xml eXternal Entity) attack during rasterization of SVG images. (CVE-2012-5656), where the rendering of malicious SVG images could have connected from inkscape to internal hosts. last seen 2020-06-05 modified 2013-02-27 plugin id 64908 published 2013-02-27 reporter This script is Copyright (C) 2013-2020 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/64908 title SuSE 10 Security Update : inkscape (ZYPP Patch Number 8471) NASL family SuSE Local Security Checks NASL id SUSE_SU-2013-0350-1.NASL description inkscape has been updated to fix a XXE (Xml eXternal Entity) attack during rasterization of SVG images. (CVE-2012-5656), where the rendering of malicious SVG images could have connected from inkscape to internal hosts. Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. last seen 2020-06-05 modified 2015-05-20 plugin id 83576 published 2015-05-20 reporter This script is Copyright (C) 2015-2020 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/83576 title SUSE SLED10 Security Update : inkscape (SUSE-SU-2013:0350-1) NASL family Fedora Local Security Checks NASL id FEDORA_2012-20620.NASL description Fix XXE flaw, man page ownership. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. last seen 2020-03-17 modified 2013-01-07 plugin id 63389 published 2013-01-07 reporter This script is Copyright (C) 2013-2020 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/63389 title Fedora 17 : inkscape-0.48.4-1.fc17 (2012-20620) NASL family Ubuntu Local Security Checks NASL id UBUNTU_USN-1712-1.NASL description It was discoverd that Inkscape incorrectly handled XML external entities in SVG files. If a user were tricked into opening a specially crafted SVG file, Inkscape could possibly include external files in drawings, resulting in information disclosure. (CVE-2012-5656) It was discovered that Inkscape attempted to open certain files from the /tmp directory instead of the current directory. A local attacker could trick a user into opening a different file than the one that was intended. This issue only applied to Ubuntu 11.10, Ubuntu 12.04 LTS and Ubuntu 12.10. (CVE-2012-6076). Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. last seen 2020-06-01 modified 2020-06-02 plugin id 64375 published 2013-01-31 reporter Ubuntu Security Notice (C) 2013-2019 Canonical, Inc. / NASL script (C) 2013-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/64375 title Ubuntu 10.04 LTS / 11.10 / 12.04 LTS / 12.10 : inkscape vulnerabilities (USN-1712-1) NASL family SuSE Local Security Checks NASL id SUSE_11_INKSCAPE-130220.NASL description inkscape was updated to fix a XXE (Xml eXternal Entity) attack during rasterization of SVG images (CVE-2012-5656), where the rendering of malicious SVG images could have connected from inkscape to internal hosts. Also inkscape would have loaded .EPS files from untrusted /tmp occasionaly instead from the current directory. (CVE-2012-6076) last seen 2020-06-05 modified 2013-02-27 plugin id 64906 published 2013-02-27 reporter This script is Copyright (C) 2013-2020 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/64906 title SuSE 11.2 Security Update : inkscape (SAT Patch Number 7380)
References
- http://bazaar.launchpad.net/~inkscape.dev/inkscape/trunk/revision/11931
- http://bazaar.launchpad.net/~inkscape.dev/inkscape/trunk/revision/11931
- http://lists.fedoraproject.org/pipermail/package-announce/2012-December/095024.html
- http://lists.fedoraproject.org/pipermail/package-announce/2012-December/095024.html
- http://lists.fedoraproject.org/pipermail/package-announce/2013-January/095380.html
- http://lists.fedoraproject.org/pipermail/package-announce/2013-January/095380.html
- http://lists.fedoraproject.org/pipermail/package-announce/2013-January/095398.html
- http://lists.fedoraproject.org/pipermail/package-announce/2013-January/095398.html
- http://lists.opensuse.org/opensuse-updates/2013-02/msg00041.html
- http://lists.opensuse.org/opensuse-updates/2013-02/msg00041.html
- http://lists.opensuse.org/opensuse-updates/2013-02/msg00043.html
- http://lists.opensuse.org/opensuse-updates/2013-02/msg00043.html
- http://www.openwall.com/lists/oss-security/2012/12/20/3
- http://www.openwall.com/lists/oss-security/2012/12/20/3
- http://www.securityfocus.com/bid/56965
- http://www.securityfocus.com/bid/56965
- http://www.ubuntu.com/usn/USN-1712-1
- http://www.ubuntu.com/usn/USN-1712-1
- https://bugs.launchpad.net/inkscape/+bug/1025185
- https://bugs.launchpad.net/inkscape/+bug/1025185
- https://launchpad.net/inkscape/+milestone/0.48.4
- https://launchpad.net/inkscape/+milestone/0.48.4