Vulnerability CVE-2007-1463: Information

Description

Format string vulnerability in Inkscape before 0.45.1 allows user-assisted remote attackers to execute arbitrary code via format string specifiers in a URI, which is not properly handled by certain dialogs.

Severity: MEDIUM (6.8)

URL: https://nvd.nist.gov/vuln/detail/CVE-2007-1463

Published: March 21, 2007

Modified: Oct. 16, 2018

References to Advisories, Solutions, and Tools

Hyperlink	Resource
23070
http://sourceforge.net/project/shownotes.php?group_id=93438&release_id=495106	Patch
USN-438-1	Vendor Advisory
https://issues.rpath.com/browse/RPL-1170
24597
24615
24584
24661
GLSA-200704-10
24859
SUSE-SR:2007:008
25072
MDKSA-2007:069
23138
ADV-2007-1059
inkscape-dialogs-format-string(33163)
20070324 FLEA-2007-0002-1: inkscape

Affected configurations:
1. Configuration 1
  Running on/with:
  cpe:2.3:o:ubuntu:ubuntu_linux:5.10:*:*:*:*:*:*:*
  Running on/with:
  cpe:2.3:o:ubuntu:ubuntu_linux:6.06:*:*:*:*:*:*:*
  Running on/with:
  cpe:2.3:o:ubuntu:ubuntu_linux:6.06_lts:*:*:*:*:*:*:*
  Running on/with:
  cpe:2.3:o:ubuntu:ubuntu_linux:6.10:*:i386:*:*:*:*:*
  cpe:2.3:a:inkscape:inkscape:0.40:*:*:*:*:*:*:*
  cpe:2.3:a:inkscape:inkscape:0.41:*:*:*:*:*:*:*
  cpe:2.3:a:inkscape:inkscape:0.42:*:*:*:*:*:*:*
  cpe:2.3:a:inkscape:inkscape:0.42.1:*:*:*:*:*:*:*
  cpe:2.3:a:inkscape:inkscape:0.42.2:*:*:*:*:*:*:*
  cpe:2.3:a:inkscape:inkscape:0.43:*:*:*:*:*:*:*
  cpe:2.3:a:inkscape:inkscape:0.44:*:*:*:*:*:*:*

Version: v24.4.2

Vulnerability CVE-2007-1463: Information

Description

References to Advisories, Solutions, and Tools

Configuration 1