Vulnerability in Inkscape

CVE-2012-6076

Inkscape before 0.48.4 reads .eps files from /tmp instead of the current directory, which might cause Inkspace to process unintended files, allow local users to obtain sensitive information, and possibly have other unspecified impacts.

EPSS: 0.001 (30.4th percentile) — read the EPSS interpretation.

Affected products

Inkscape — versions 0.37, 0.38.1, 0.39
N/a — versions n/a

Weakness classification (CWE)

CWE-264

References

[oss-security] 20121229 Re: Inkscape reads .eps files from /tmp instead of the current directory (mailing-list, x_refsource_MLIST)
USN-1712-1 (x_refsource_UBUNTU, vendor-advisory)
secalert@redhat.com (x_refsource_CONFIRM)
openSUSE-SU-2013:0294 (vendor-advisory, x_refsource_SUSE)
openSUSE-SU-2013:0297 (vendor-advisory, x_refsource_SUSE)
secalert@redhat.com (x_refsource_MISC)