Alerts This Week
Warning Icon 1 677
Alerts This Week
Warning Icon 1 677

Stay Secure with the Latest Linux Advisories

Debianlts Large Esm H800
Debian LTS

Debian Dovecot High Severity Service Disruption Info Leak Flaw DLA-4617-1

Calendar White Jun 05, 2026
Important
Debianlts Large Esm H900
Debian LTS

Debian 11 gsasl Critical DoS Threat Advisory DLA-4618-1 CVE-2026-48829

Calendar White Jun 05, 2026
Critical
Suse Large Esm H900
SuSE

SUSE MozillaThunderbird Important Memory Safety Fix Advisory 2026-2271-1

Calendar White Jun 05, 2026
Important
Suse Large Esm H800
SuSE

SUSE Linux Micro 6.0 Ignition Key HTTP Transport Loop Patch 2026-21987-1

Calendar White Jun 05, 2026
Important
Suse Large Esm H900
SuSE

SUSE Linux Micro 6.0 Important Libzypp Libsolv Security Update 2026-21988-1

Calendar White Jun 05, 2026
Important
Suse Large Esm H900
SuSE

SUSE Google-Guest-Agent Important Security Update 2026-21989-1

Calendar White Jun 05, 2026
Important
Suse Large Esm H800
SuSE

SUSE Linux Micro Important Salt Multi-Linux Manager Vuln 2026-21990-1

Calendar White Jun 05, 2026
Important
Suse Large Esm H900
SuSE

SUSE Linux Micro Critical Ignition Patch CVE-2026-33814

Calendar White Jun 05, 2026
Important
Suse Large Esm H900
SuSE

SUSE Linux Micro 6.1 Security Update for libzypp libsolv Key 2026-21992-1

Calendar White Jun 05, 2026
Important
Filter Icon Refine advisories
X Clear Filters
X Clear Filters
View More

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Community Poll

More Polls

What got you started with Linux?

No answer selected. Please try again.
Please select either existing option or enter your own, however not both.
Please select minimum {0} answer(s).
Please select maximum {0} answer(s).
/main-polls/150-what-got-you-started-with-linux?task=poll.vote&format=json
150
radio
0
[{"id":483,"title":"Self-taught through trial and error","votes":545,"type":"x","order":1,"pct":78.42,"resources":[]},{"id":484,"title":"Formal training or courses","votes":30,"type":"x","order":2,"pct":4.32,"resources":[]},{"id":485,"title":"A job that required it","votes":34,"type":"x","order":3,"pct":4.89,"resources":[]},{"id":486,"title":"Other","votes":86,"type":"x","order":4,"pct":12.37,"resources":[]}] ["#ff5b00","#4ac0f2","#b80028","#eef66c","#60bb22","#b96a9a","#62c2cc"] ["rgba(255,91,0,0.7)","rgba(74,192,242,0.7)","rgba(184,0,40,0.7)","rgba(238,246,108,0.7)","rgba(96,187,34,0.7)","rgba(185,106,154,0.7)","rgba(98,194,204,0.7)"] 350
bottom 200
Loading...

Explore Latest Linux Security advisories

We found -4 articles for you...
89
Ls Advisories Fedora Esm H240
Price Tag 1security advisorysecurity issuefedora

Fedora 26: Inkscape Security Advisory - Critical Performance Enhancements

Many security fixes, bug fixes, and other changes from the previous version 6.9.3.0. See the [6.9 branch ChangeLog](https://github.com/ImageMagick/ImageMagick/blob/3fd358e2ac34977fda38a2cf4d88a1cb4dd2d7c7/ChangeLog). Dependent packages are mostly straight rebuilds, a couple also include bugfix version updates.. --------------------------------------------------------------------------------Fedora Update Notification FEDORA-2017-8f27031c8f 2017-09-19 02:41:35.415951 --------------------------------------------------------------------------------Name : inkscape Product : Fedora 26 Version : 0.92.1 Release : 4.20170510bzr15686.fc26.1 URL : Summary : Vector-based drawing program using SVG Description : Inkscape is a vector graphics editor, with capabilities similar to Illustrator, CorelDraw, or Xara X, using the W3C standard Scalable Vector Graphics (SVG) file format. It is therefore a very useful tool for web designers and as an interchange format for desktop publishing. Inkscape supports many advanced SVG features (markers, clones, alpha blending, etc.) and great care is taken in designing a streamlined interface. It is very easy to edit nodes, perform complex path operations, trace bitmaps and much more. --------------------------------------------------------------------------------Update Information: Many security fixes, bug fixes, and other changes from the previous version 6.9.3.0. See the [6.9 branch ChangeLog](https://github.com/ImageMagick/ImageMagick/blob/3fd358e2ac34977fda38a2cf4d88a1cb4dd2d7c7/ChangeLog). Dependent packages are mostly straight rebuilds, a couple also include bugfix version updates. --------------------------------------------------------------------------------References: [ 1 ] Bug #1471837 - CVE-2017-11352 ImageMagick: Improper EOF handling in coders/rle.c can trigger crash (Incomplete fix for CVE-2017-9144) [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=1471837 [ 2 ] Bug #1471122 -CVE-2017-10995 ImageMagick: Out-of-bounds heap read in mng_get_long function [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=1471122 [ 3 ] Bug #1470670 - CVE-2017-11170 ImageMagick: Memory leak in ReadTGAImage function when processing TGA or VST file [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=1470670 [ 4 ] Bug #1465064 - CVE-2017-7941 CVE-2017-7942 CVE-2017-7943 CVE-2017-8352 ImageMagick: various flaws [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=1465064 [ 5 ] Bug #1455602 - CVE-2017-9141 CVE-2017-9142 CVE-2017-9143 CVE-2017-9144 ImageMagick: various flaws [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=1455602 [ 6 ] Bug #1453125 - CVE-2017-9098 ImageMagick: use of uninitialized memory in RLE decoder [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=1453125 [ 7 ] Bug #1413898 - CVE-2016-9556 CVE-2016-9559 ImageMagick: various flaws [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=1413898 [ 8 ] Bug #1408404 - CVE-2016-8707 ImageMagick: OOB write in convert utility when deflating TIFF files [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=1408404 [ 9 ] Bug #1483575 - CVE-2017-12587 ImageMagick: Resource exhaustion in ReadPWPImage function in coders\pwp.c [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=1483575 [ 10 ] Bug #1299275 - ImageMagick-7.0.6-9 is available https://bugzilla.redhat.com/show_bug.cgi?id=1299275 [ 11 ] Bug #1483132 - CVE-2017-12433 CVE-2017-12434 CVE-2017-12435 ImageMagick: various flaws [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=1483132 [ 12 ] Bug #1483117 - CVE-2017-12640 CVE-2017-12641 CVE-2017-12642 CVE-2017-12643 CVE-2017-12644 CVE-2017-12654 CVE-2017-12662 CVE-2017-12663 CVE-2017-12664 CVE-2017-12665 CVE-2017-12666 ImageMagick: various flaws [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=1483117 [ 13 ] Bug #1482655 - CVE-2017-12427 CVE-2017-12428 CVE-2017-12429CVE-2017-12430 CVE-2017-12432 ImageMagick: various flaws [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=1482655 [ 14 ] Bug #1482626 - CVE-2017-12418 ImageMagick: Memory leaks in the parse8BIMW and format8BIM functions in coders/meta.c [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=1482626 [ 15 ] Bug #1350462 - CVE-2016-5841 CVE-2016-5842 imagemagick: various flaws [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=1350462 [ 16 ] Bug #1361494 - CVE-2016-6491 ImageMagick: Out-of-bounds read in CopyMagickMemory [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=1361494 [ 17 ] Bug #1378790 - CVE-2014-9907 CVE-2015-8957 CVE-2015-8958 CVE-2015-8959 CVE-2016-6823 CVE-2016-7101 CVE-2016-7513 CVE-2016-7514 CVE-2016-7515 CVE-2016-7516 CVE-2016-7517 CVE-2016-7518 CVE-2016-7519 CVE-2016-7520 CVE-2016-7521 ... ImageMagick: various flaws [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=1378790 [ 18 ] Bug #1361578 - CVE-2016-5010 ImageMagick: Out-of-bounds read when processing crafted tiff file [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=1361578 [ 19 ] Bug #1477566 - CVE-2017-12140 ImageMagick: integer signedness error in ReadDCMImage function [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=1477566 [ 20 ] Bug #1477070 - CVE-2017-11724 CVE-2017-11750 CVE-2017-11751 CVE-2017-11752 CVE-2017-11753 CVE-2017-11754 CVE-2017-11755 ImageMagick: various flaws [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=1477070 [ 21 ] Bug #1475486 - CVE-2017-11644 ImageMagick: Memory-Leak in ReadMATImage() coders/mat.c [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=1475486 [ 22 ] Bug #1475471 - CVE-2017-11639 ImageMagick: heap-based buffer over-read in the WriteCIPImage() function in coders/cip.c [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=1475471 [ 23 ] Bug #1475464 - CVE-2017-11640 ImageMagick: NULL pointer dereference in WritePTIFImage()in coders/tiff.c [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=1475464 [ 24 ] Bug #1474846 - CVE-2017-11523 ImageMagick: Endless loop in ReadTXTImage function in coders/txt.c [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=1474846 [ 25 ] Bug #1474420 - CVE-2017-11446 CVE-2017-11478 ImageMagick: various flaws [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=1474420 [ 26 ] Bug #1473848 - CVE-2017-11360 ImageMagick: Resource exhaustion in ReadRLEImage function [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=1473848 [ 27 ] Bug #1473825 - CVE-2017-11188 ImageMagick: Resource exhaustion in ReadDPXImage function in coders\dpx.c [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=1473825 [ 28 ] Bug #1473802 - CVE-2017-11448 ImageMagick: Info leak from from uninitialized memory in ReadJPEGImage function [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=1473802 [ 29 ] Bug #1473799 - CVE-2017-11447 ImageMagick: Memory leak in ReadSCREENSHOTImage function in coders/screenshot.c [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=1473799 [ 30 ] Bug #1473797 - CVE-2017-11449 ImageMagick: coders/mpc.c don't validade blob sizes of stdin image input [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=1473797 [ 31 ] Bug #1473775 - CVE-2017-11450 ImageMagick: Too short JPEG data causes denial of service in coders/jpeg.c [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=1473775 [ 32 ] Bug #1473758 - CVE-2017-11141 ImageMagick: Memory exhaustion in ReadMATImage function in coders\mat.c [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=1473758 [ 33 ] Bug #1473719 - CVE-2017-10928 ImageMagick: heap-based buffer over-read in the GetNextToken function [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=1473719 [ 34 ] Bug #1410515 - ImageMagick: various flaws [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=1410515 [ 35 ] Bug #1479313 - synfigstudio doesn't start https://bugzilla.redhat.com/show_bug.cgi?id=1479313 --------------------------------------------------------------------------------This update can be installed with the "dnf" update program. Use su -c 'dnf upgrade inkscape' at the command line. For more information, refer to the dnf documentation available at https://dnf.readthedocs.io/en/latest/command_ref.html All packages are signed with the Fedora Project GPG key. More details on the GPG keys used by the Fedora Project can be found at https://fedoraproject.org/security/ -------------------------------------------------------------------------------- _______________________________________________ package-announce mailing list -- This email address is being protected from spambots. You need JavaScript enabled to view it. To unsubscribe send an email to This email address is being protected from spambots. You need JavaScript enabled to view it. . Fedora 26 brings numerous enhancements for Inkscape, boosting security and performance. These updates address vulnerabilities, ensuring a safer, smoother user experience. Inkscape Update,Fedora Security,ImageMagick Fixes,Graphics Editor,Vector Graphics Update. . Severity: Critical. LinuxSecurity.com Team

Calendar 2 Sep 19, 2017 Critical Fedora
172
Ls Advisories Ubuntu Esm H240
Price Tag 1security advisorysecurity issuecritical

Ubuntu: 1712-1 Critical: Inkscape Information Disclosure Attack

Several security issues were fixed in Inkscape.. =========================================================================Ubuntu Security Notice USN-1712-1 January 30, 2013 inkscape vulnerabilities ========================================================================= A security issue affects these releases of Ubuntu and its derivatives: - Ubuntu 12.10 - Ubuntu 12.04 LTS - Ubuntu 11.10 - Ubuntu 10.04 LTS Summary: Several security issues were fixed in Inkscape. Software Description: - inkscape: vector-based drawing program Details: It was discoverd that Inkscape incorrectly handled XML external entities in SVG files. If a user were tricked into opening a specially-crafted SVG file, Inkscape could possibly include external files in drawings, resulting in information disclosure. (CVE-2012-5656) It was discovered that Inkscape attempted to open certain files from the /tmp directory instead of the current directory. A local attacker could trick a user into opening a different file than the one that was intended. This issue only applied to Ubuntu 11.10, Ubuntu 12.04 LTS and Ubuntu 12.10. (CVE-2012-6076) Update instructions: The problem can be corrected by updating your system to the following package versions: Ubuntu 12.10: inkscape 0.48.3.1-1ubuntu6.1 Ubuntu 12.04 LTS: inkscape 0.48.3.1-1ubuntu1.1 Ubuntu 11.10: inkscape 0.48.2-0ubuntu1.1 Ubuntu 10.04 LTS: inkscape 0.47.0-2ubuntu2.1 In general, a standard system update will make all the necessary changes. References: https://ubuntu.com/security/notices/USN-1712-1 CVE-2012-5656, CVE-2012-6076 Package Information: https://launchpad.net/ubuntu/+source/inkscape/0.48.3.1-1ubuntu6.1 https://launchpad.net/ubuntu/+source/inkscape/0.48.3.1-1ubuntu1.1 https://launchpad.net/ubuntu/+source/inkscape/0.48.2-0ubuntu1.1 https://launchpad.net/ubuntu/+source/inkscape/0.47.0-2ubuntu2.1 .Multiple vulnerabilities have been addressed in Inkscape across various Ubuntu releases. It's important to upgrade your system to maintain security.. Inkscape Update, Ubuntu Security, Linux Software Fixes. . Severity: Critical. LinuxSecurity.com Team

Calendar 2 Jan 30, 2013 Critical Ubuntu
Banner 4 1028x280 1708121825 1771600306
172
Ls Advisories Ubuntu Esm H240
Price Tag 1security advisorycriticalremote execution

Ubuntu: USN-438-1 Critical: Inkscape Remote Execution Threat

A flaw was discovered in Inkscape's use of format strings. If a user were tricked into opening a specially crafted URI in Inkscape, a remote attacker could execute arbitrary code with user privileges. . =========================================================== Ubuntu Security Notice USN-438-1 March 20, 2007 inkscape vulnerability CVE-2007-1463 ========================================================== A security issue affects the following Ubuntu releases: Ubuntu 5.10 Ubuntu 6.06 LTS Ubuntu 6.10 This advisory also applies to the corresponding versions of Kubuntu, Edubuntu, and Xubuntu. The problem can be corrected by upgrading your system to the following package versions: Ubuntu 5.10: inkscape 0.42-1ubuntu0.2 Ubuntu 6.06 LTS: inkscape 0.43-4ubuntu3.1 Ubuntu 6.10: inkscape 0.44-1ubuntu2.1 After a standard system upgrade you need to restart Inkscape or reboot your computer to effect the necessary changes. Details follow: A flaw was discovered in Inkscape's use of format strings. If a user were tricked into opening a specially crafted URI in Inkscape, a remote attacker could execute arbitrary code with user privileges. Updated packages for Ubuntu 5.10: Source archives: Size/MD5: 10748 2845c7245a1b7be4c5c751a27b0cc2e7 Size/MD5: 887 97c737882a0f670a9cadb7dd03f2a7d3 Size/MD5: 8001602 653c81be2fc7c80fd9895e908d3a73f1 amd64 architecture (Athlon64, Opteron, EM64T Xeon) Size/MD5: 6371548 5edc834d0661390802903328c979ee2a i386 architecture (x86 compatible Intel/AMD) Size/MD5: 5934276 4d1c8ac3b46ad98317cbff623c1cf83a powerpc architecture (Apple Macintosh G3/G4/G5) Size/MD5: 6329196 73c242a09e8445e2c5114e67d3a5326f sparc architecture (Sun SPARC/UltraSPARC) Size/MD5: 6009640 55747db48a057dad40e9ee83b0d3eedb Updated packages forUbuntu 6.06 LTS: Source archives: Size/MD5: 21982 e0849e3fa7016a4eec11a03f5135fb95 Size/MD5: 980 f12017904a2dfb65c7e575b7fa61256b Size/MD5: 9185965 e3e92da1464dcee1b42560ff073dfe36 amd64 architecture (Athlon64, Opteron, EM64T Xeon) Size/MD5: 7778462 54ea87b063fea676141e1b091bc1431e i386 architecture (x86 compatible Intel/AMD) Size/MD5: 7375678 05bf8ec7cb22080b6744a6408c5e5a4a powerpc architecture (Apple Macintosh G3/G4/G5) Size/MD5: 7865464 96d2703544dfaa08a99cca8c329d9d71 sparc architecture (Sun SPARC/UltraSPARC) Size/MD5: 7503160 15fd6c1e013186acfd62e5d0a5bd7d75 Updated packages for Ubuntu 6.10: Source archives: Size/MD5: 24944 5687cda78c7255b4fdc0febb5970f861 Size/MD5: 966 179a5be63f3f4eb8df47ab51a5395335 Size/MD5: 9549500 099653446c11d2536d6c4727634eaca5 amd64 architecture (Athlon64, Opteron, EM64T Xeon) Size/MD5: 7694504 1499a5ddf8832036d16d75b2ca1432b2 i386 architecture (x86 compatible Intel/AMD) Size/MD5: 7522234 c1e2f801f9ba4d76ef05eecf6ce81ab5 powerpc architecture (Apple Macintosh G3/G4/G5) Size/MD5: 7822556 734c96863c5c6d816f87c302088f88da sparc architecture (Sun SPARC/UltraSPARC) Size/MD5: 7549074 7b73eafd429383055b5021f9ebf09d5d . Ubuntu Security Notice USN-438-1 March 20, 2007 inkscape vulnerability CVE-2007-1463 A security issu. inkscape', format, strings, tricked, opening. . Severity: Critical. LinuxSecurity.com Team

Calendar 2 Mar 20, 2007 Critical Ubuntu
87
Ls Advisories Debian Esm H240
Price Tag 1security advisoryupdatebuffer overflow

Debian: DSA 917-1 Critical: Security Issue in GIMP Image Processing

Updated package.. - --------------------------------------------------------------------------Debian Security Advisory DSA 916-1 This email address is being protected from spambots. You need JavaScript enabled to view it. http://www.debian.org/security/ Martin Schulze December 7th, 2005 http://www.debian.org/security/faq - --------------------------------------------------------------------------Package : inkscape Vulnerability : buffer overflow Problem type : local (remote) Debian-specific: no CVE ID : CVE-2005-3737 CVE-2005-3885 BugTraq ID : 14522 Debian Bug : 321501 330894 Several vulnerabilities have been discovered in Inkscape, a vector-based drawing program. The Common Vulnerabilities and Exposures project identifies the following problems: CVE-2005-3737 Joxean Koret discovered a buffer overflow in the SVG parsing routines that can lead to the execution of arbitrary code. CVE-2005-3885 Javier Fern�ndez-Sanguino Pe�a noticed that the ps2epsi extension shell script uses a hardcoded temporary file making it vulnerable to symlink attacks. The old stable distribution (woody) does not contain inkscape packages. For the stable distribution (sarge) this problem has been fixed in version 0.41-4.99.sarge2. For the unstable distribution (sid) this problem has been fixed in version 0.42.2+0.43pre1-1. We recommend that you upgrade your inkscape package. Upgrade Instructions - --------------------wget url will fetch the file for you dpkg -i file.deb will install the referenced file. If you are using the apt-get package manager, use the line for sources.list as given below: apt-get update will update the internal database apt-get upgrade will install corrected packages You may use an automated update by adding the resources from the footer to the proper configuration. Debian GNU/Linux 3.1 alias sarge - -------------------------------- Source archives: Size/MD5 checksum: 889 8e20fa91e0d4cc48dad356842e279d43 Size/MD5 checksum: 19542 16dc49a90ef6362eafb0f1185d1d3341 Size/MD5 checksum: 6090081 989a09d06e4db1ddfd00b8019a5dcd73 Alpha architecture: Size/MD5 checksum: 5976090 cd204ed15f1c5ab0603225d6b98c5b39 AMD64 architecture: Size/MD5 checksum: 5424440 2cab0898d7275fedb719e98ff1de05ea ARM architecture: Size/MD5 checksum: 5413996 5b4fd5a1d97408108cc26e0990468d63 Intel IA-32 architecture: Size/MD5 checksum: 5445836 435ce53091c87aeb6979d3b7c75a625e Intel IA-64 architecture: Size/MD5 checksum: 6580176 f855d6c9aca23aa045e4d0e391cd3e65 HP Precision architecture: Size/MD5 checksum: 5894380 f233719364af393e84eb3577c5bd3d90 Motorola 680x0 architecture: Size/MD5 checksum: 5326010 d5a122f8852512d0eef1202fad73d970 Big endian MIPS architecture: Size/MD5 checksum: 5768826 56ea6b35e2340861c4440aa650f2bd62 Little endian MIPS architecture: Size/MD5 checksum: 5760476 3f2dc329f2cc5d1597c931a234900931 PowerPC architecture: Size/MD5 checksum: 5573546 4310413071b8b30686aefb533c36c09a IBM S/390 architecture: Size/MD5 checksum: 5280106 f892057ad430c49c47ad408ed8455c8a Sun Sparc architecture: Size/MD5 checksum: 5350968 1654ffcb98846190a686440f43e691bd These files will probably be moved into the stable distribution on its next update. - ---------------------------------------------------------------------------------For apt-get: deb https://www.debian.org/security/ stable/updates main For dpkg-ftp: dists/stable/updates/main Mailing list: This email address is being protected from spambots. You need JavaScript enabled to view it. . The latest Inkscape package update for Debian addresses critical buffer overflow vulnerabilities that could allow for arbitrary code execution.. Debian Security, Inkscape Threat, Buffer Overflow Fix. . Severity: Critical. LinuxSecurity.comTeam

Calendar 2 Dec 07, 2005 Critical Debian
Banner 4 1028x280 1708121825 1771600306
91
Ls Advisories Gentoo Esm H240
Price Tag 1security advisorygentoobuffer overflow

Gentoo: GLSA-202301-14 Critical: GIMP Memory Corruption Exploit

A vulnerability has been identified that allows a specially crafted SVG file to exploit a buffer overflow and potentially execute arbitrary code when opened. [More...]. - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Gentoo Linux Security Advisory GLSA 200511-22 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - https://security.gentoo.org/ - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Severity: Normal Title: Inkscape: Buffer overflow Date: November 28, 2005 Bugs: #109993 ID: 200511-22 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Synopsis ======= A vulnerability has been identified that allows a specially crafted SVG file to exploit a buffer overflow and potentially execute arbitrary code when opened. Background ========= Inkscape is an Open Source vector graphics editor using the W3C standard Scalable Vector Graphics (SVG) file format. Affected packages ================ ------------------------------------------------------------------- Package / Vulnerable / Unaffected ------------------------------------------------------------------- 1 media-gfx/inkscape < 0.43 > = 0.43 Description ========== Joxean Koret has discovered that Inkscape incorrectly allocates memory when opening an SVG file, creating the possibility of a buffer overflow if the SVG file being opened is specially crafted. Impact ===== An attacker could entice a user into opening a maliciously crafted SVG file, allowing for the execution of arbitrary code on a machine with the privileges of the user running Inkscape. Workaround ========= There is no known workaround at this time. Resolution ========= All Inkscape users should upgrade to the latest version: # emerge --sync # emerge --ask --oneshot --verbose "> =media-gfx/inkscape-0.43" References ========= [ 1 ] CVE-2005-3737 Availability =========== This GLSA and any updates to it are available for viewing at the Gentoo Security Website: https://security.gentoo.org/glsa/200511-22 Concerns? ======== Security is a primary focus of Gentoo Linux and ensuring the confidentiality and security of our users machines is of utmost importance to us. Any security concerns should be addressed to This email address is being protected from spambots. You need JavaScript enabled to view it. or alternatively, you may file a bug at https://bugs.gentoo.org/. License ====== Copyright 2005 Gentoo Foundation, Inc; referenced text belongs to its owner(s). The contents of this document are licensed under the Creative Commons - Attribution / Share Alike license. https://creativecommons.org/licenses/by-sa/2.0/ . The Gentoo security alert GLSA 202311-15 reveals a critical stack-based buffer overflow vulnerability in Inkscape. All users must urgently upgrade their systems. Inkscape Buffer Overflow,Gentoo Security Advisory,SVG Vulnerability,Code Execution Threat. . Severity: Critical. LinuxSecurity.com Team

Calendar 2 Nov 28, 2005 Critical Gentoo
News Add Esm H240

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Community Poll

More Polls

What got you started with Linux?

No answer selected. Please try again.
Please select either existing option or enter your own, however not both.
Please select minimum {0} answer(s).
Please select maximum {0} answer(s).
/main-polls/150-what-got-you-started-with-linux?task=poll.vote&format=json
150
radio
0
[{"id":483,"title":"Self-taught through trial and error","votes":545,"type":"x","order":1,"pct":78.42,"resources":[]},{"id":484,"title":"Formal training or courses","votes":30,"type":"x","order":2,"pct":4.32,"resources":[]},{"id":485,"title":"A job that required it","votes":34,"type":"x","order":3,"pct":4.89,"resources":[]},{"id":486,"title":"Other","votes":86,"type":"x","order":4,"pct":12.37,"resources":[]}] ["#ff5b00","#4ac0f2","#b80028","#eef66c","#60bb22","#b96a9a","#62c2cc"] ["rgba(255,91,0,0.7)","rgba(74,192,242,0.7)","rgba(184,0,40,0.7)","rgba(238,246,108,0.7)","rgba(96,187,34,0.7)","rgba(185,106,154,0.7)","rgba(98,194,204,0.7)"] 350
bottom 200

Search Topics

Your message here