CVE-2005-3737 - OpenCVE

Buffer overflow in the SVG importer (style.cpp) of inkscape 0.41 through 0.42.2 might allow remote attackers to execute arbitrary code via a SVG file with long CSS style property values.

No CVSS v3.1

No CVSS v3.0

Access Vector Network

Access Complexity High

Authentication None

Confidentiality Impact Partial

Integrity Impact Partial

Availability Impact Partial

AV:N/AC:H/Au:N/C:P/I:P/A:P

Vendors & Products
CPE Configurations

Vendors	Products
Inkscape	Inkscape

Configuration 1 [-]

OR	cpe:2.3:a:inkscape:inkscape:0.41:::::::*
	cpe:2.3:a:inkscape:inkscape:0.42:::::::*
	cpe:2.3:a:inkscape:inkscape:0.42.1:::::::*
	cpe:2.3:a:inkscape:inkscape:0.42.2:::::::*

References

Link	Resource
http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=330894
http://cvs.sourceforge.net/viewcvs.py/inkscape/inkscape/src/style.cpp?r1=1.110&r2=1.110.2.1
http://secunia.com/advisories/17651	Vendor Advisory
http://secunia.com/advisories/17662	Patch Vendor Advisory
http://secunia.com/advisories/17778
http://secunia.com/advisories/17882
http://securityreason.com/securityalert/58
http://www.debian.org/security/2005/dsa-916
http://www.gentoo.org/security/en/glsa/glsa-200511-22.xml
http://www.novell.com/linux/security/advisories/2005_28_sr.html
http://www.securityfocus.com/bid/15507	Exploit Patch
http://www.ubuntulinux.org/usn/usn-217-1
http://www.vupen.com/english/advisories/2005/2511

History

No history.

MITRE Information

Status: PUBLISHED

Assigner: mitre

Published: 2005-11-22T00:00:00

Updated: 2005-11-30T10:00:00

Reserved: 2005-11-21T00:00:00

Link: CVE-2005-3737

JSON object: View

NVD Information

Status : Modified

Published: 2005-11-22T00:03:00.000

Modified: 2011-03-08T02:27:03.297

Link: CVE-2005-3737

JSON object: View

Redhat Information

No data.

CWE

NVD-CWE-Other

{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2005-11-19T00:00:00", "descriptions": [{"lang": "en", "value": "Buffer overflow in the SVG importer (style.cpp) of inkscape 0.41 through 0.42.2 might allow remote attackers to execute arbitrary code via a SVG file with long CSS style property values."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2005-11-30T10:00:00", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre"}, "references": [{"name": "GLSA-200511-22", "tags": ["vendor-advisory", "x_refsource_GENTOO"], "url": "http://www.gentoo.org/security/en/glsa/glsa-200511-22.xml"}, {"name": "SUSE-SR:2005:028", "tags": ["vendor-advisory", "x_refsource_SUSE"], "url": "http://www.novell.com/linux/security/advisories/2005_28_sr.html"}, {"name": "17778", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/17778"}, {"name": "17651", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/17651"}, {"name": "USN-217-1", "tags": ["vendor-advisory", "x_refsource_UBUNTU"], "url": "http://www.ubuntulinux.org/usn/usn-217-1"}, {"name": "15507", "tags": ["vdb-entry", "x_refsource_BID"], "url": "http://www.securityfocus.com/bid/15507"}, {"name": "17882", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/17882"}, {"tags": ["x_refsource_CONFIRM"], "url": "http://cvs.sourceforge.net/viewcvs.py/inkscape/inkscape/src/style.cpp?r1=1.110&r2=1.110.2.1"}, {"name": "ADV-2005-2511", "tags": ["vdb-entry", "x_refsource_VUPEN"], "url": "http://www.vupen.com/english/advisories/2005/2511"}, {"name": "DSA-916", "tags": ["vendor-advisory", "x_refsource_DEBIAN"], "url": "http://www.debian.org/security/2005/dsa-916"}, {"name": "58", "tags": ["third-party-advisory", "x_refsource_SREASON"], "url": "http://securityreason.com/securityalert/58"}, {"tags": ["x_refsource_MISC"], "url": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=330894"}, {"name": "17662", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/17662"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cve@mitre.org", "ID": "CVE-2005-3737", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "Buffer overflow in the SVG importer (style.cpp) of inkscape 0.41 through 0.42.2 might allow remote attackers to execute arbitrary code via a SVG file with long CSS style property values."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "GLSA-200511-22", "refsource": "GENTOO", "url": "http://www.gentoo.org/security/en/glsa/glsa-200511-22.xml"}, {"name": "SUSE-SR:2005:028", "refsource": "SUSE", "url": "http://www.novell.com/linux/security/advisories/2005_28_sr.html"}, {"name": "17778", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/17778"}, {"name": "17651", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/17651"}, {"name": "USN-217-1", "refsource": "UBUNTU", "url": "http://www.ubuntulinux.org/usn/usn-217-1"}, {"name": "15507", "refsource": "BID", "url": "http://www.securityfocus.com/bid/15507"}, {"name": "17882", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/17882"}, {"name": "http://cvs.sourceforge.net/viewcvs.py/inkscape/inkscape/src/style.cpp?r1=1.110&r2=1.110.2.1", "refsource": "CONFIRM", "url": "http://cvs.sourceforge.net/viewcvs.py/inkscape/inkscape/src/style.cpp?r1=1.110&r2=1.110.2.1"}, {"name": "ADV-2005-2511", "refsource": "VUPEN", "url": "http://www.vupen.com/english/advisories/2005/2511"}, {"name": "DSA-916", "refsource": "DEBIAN", "url": "http://www.debian.org/security/2005/dsa-916"}, {"name": "58", "refsource": "SREASON", "url": "http://securityreason.com/securityalert/58"}, {"name": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=330894", "refsource": "MISC", "url": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=330894"}, {"name": "17662", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/17662"}]}}}}, "cveMetadata": {"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2005-3737", "datePublished": "2005-11-22T00:00:00", "dateReserved": "2005-11-21T00:00:00", "dateUpdated": "2005-11-30T10:00:00", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.0"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:inkscape:inkscape:0.41:*:*:*:*:*:*:*", "matchCriteriaId": "A061EEF7-FBD3-4BBD-BCAA-9F765567C606", "vulnerable": true}, {"criteria": "cpe:2.3:a:inkscape:inkscape:0.42:*:*:*:*:*:*:*", "matchCriteriaId": "57038D30-192C-4899-A705-E951E162B871", "vulnerable": true}, {"criteria": "cpe:2.3:a:inkscape:inkscape:0.42.1:*:*:*:*:*:*:*", "matchCriteriaId": "45441330-3BDD-4F8F-B128-0C431AB9A9C2", "vulnerable": true}, {"criteria": "cpe:2.3:a:inkscape:inkscape:0.42.2:*:*:*:*:*:*:*", "matchCriteriaId": "4783CB07-5F32-4FF6-85D4-2F3FE21DD75B", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "Buffer overflow in the SVG importer (style.cpp) of inkscape 0.41 through 0.42.2 might allow remote attackers to execute arbitrary code via a SVG file with long CSS style property values."}, {"lang": "es", "value": "Desbordamiento de b\u00fafer en el importador SVG (style.cpp) de inkscape 0.41 a 0.42.2 podr\u00eda permitir a atacantes remotos ejecutar c\u00f3digo de su elecci\u00f3n importando un fichero SVG malicioso con valores de hoja de estilos CSS largos."}], "id": "CVE-2005-3737", "lastModified": "2011-03-08T02:27:03.297", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "HIGH", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 5.1, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:H/Au:N/C:P/I:P/A:P", "version": "2.0"}, "exploitabilityScore": 4.9, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": true, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true}]}, "published": "2005-11-22T00:03:00.000", "references": [{"source": "cve@mitre.org", "url": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=330894"}, {"source": "cve@mitre.org", "url": "http://cvs.sourceforge.net/viewcvs.py/inkscape/inkscape/src/style.cpp?r1=1.110&r2=1.110.2.1"}, {"source": "cve@mitre.org", "tags": ["Vendor Advisory"], "url": "http://secunia.com/advisories/17651"}, {"source": "cve@mitre.org", "tags": ["Patch", "Vendor Advisory"], "url": "http://secunia.com/advisories/17662"}, {"source": "cve@mitre.org", "url": "http://secunia.com/advisories/17778"}, {"source": "cve@mitre.org", "url": "http://secunia.com/advisories/17882"}, {"source": "cve@mitre.org", "url": "http://securityreason.com/securityalert/58"}, {"source": "cve@mitre.org", "url": "http://www.debian.org/security/2005/dsa-916"}, {"source": "cve@mitre.org", "url": "http://www.gentoo.org/security/en/glsa/glsa-200511-22.xml"}, {"source": "cve@mitre.org", "url": "http://www.novell.com/linux/security/advisories/2005_28_sr.html"}, {"source": "cve@mitre.org", "tags": ["Exploit", "Patch"], "url": "http://www.securityfocus.com/bid/15507"}, {"source": "cve@mitre.org", "url": "http://www.ubuntulinux.org/usn/usn-217-1"}, {"source": "cve@mitre.org", "url": "http://www.vupen.com/english/advisories/2005/2511"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "NVD-CWE-Other"}], "source": "nvd@nist.gov", "type": "Primary"}]}