Inkscape SVG图像缓冲区溢出漏洞

QQ空间 新浪微博 微信 QQ facebook twitter
漏洞ID 1109274 漏洞类型 缓冲区溢出
发布时间 2005-11-21 更新时间 2005-11-21
CVE编号 CVE-2005-3737 CNNVD-ID CNNVD-200511-286
漏洞平台 Linux CVSS评分 5.1
|漏洞来源
https://www.exploit-db.com/exploits/26540
https://www.securityfocus.com/bid/15507
https://cxsecurity.com/issue/WLB-2005100018
http://www.cnnvd.org.cn/web/xxk/ldxqById.tag?CNNVD=CNNVD-200511-286
|漏洞详情
inkscape是一个开放原始码的向量绘图软件。inkscape0.41至0.42.2的SVG导入程序(stylecpp)中的缓冲区溢出,可能让远程攻击者通过具有长CSS样式属性值的SVG文件执行任意代码。
|漏洞EXP
source: http://www.securityfocus.com/bid/15507/info

Inkscape is prone to a buffer overflow vulnerability. This issue is due to a failure in the application to do proper bounds checking on user-supplied data before copying it into a finite sized buffer.

When the application processes a malformed SVG image file, it results in a buffer overflow. An attacker can exploit this vulnerability to execute arbitrary code in the context of the victim user. 

https://github.com/offensive-security/exploit-database-bin-sploits/raw/master/bin-sploits/26540.svg
|受影响的产品
Ubuntu Ubuntu Linux 5.10 powerpc Ubuntu Ubuntu Linux 5.10 i386 Ubuntu Ubuntu Linux 5.10 amd64 S.u.S.E. Linux Professional 10.0 OSS S.u.S.E. Linux Professional 9.3 x86_64 S
|参考资料

来源:BID
名称:15507
链接:http://www.securityfocus.com/bid/15507
来源:SECUNIA
名称:17662
链接:http://secunia.com/advisories/17662
来源:UBUNTU
名称:USN-217-1
链接:http://www.ubuntulinux.org/usn/usn-217-1
来源:SUSE
名称:SUSE-SR:2005:028
链接:http://www.novell.com/linux/security/advisories/2005_28_sr.html
来源:GENTOO
名称:GLSA-200511-22
链接:http://www.gentoo.org/security/en/glsa/glsa-200511-22.xml
来源:VUPEN
名称:ADV-2005-2511
链接:http://www.frsirt.com/english/advisories/2005/2511
来源:DEBIAN
名称:DSA-916
链接:http://www.debian.org/security/2005/dsa-916
来源:SECUNIA
名称:17882
链接:http://secunia.com/advisories/17882
来源:SECUNIA
名称:17778
链接:http://secunia.com/advisories/17778
来源:SECUNIA
名称:17651
链接:http://secunia.com/advisories/17651
来源:cvs.sourceforge.net
链接:http://cvs.sourceforge.net/viewcvs.py/inkscape/inkscape/src/style.cpp?r1=1.110&r2=1.110.2.1
来源:bugs.debian.org
链接:http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=330894
来源:SREASON
名称:58
链接:http://securityreason.com/securityalert/58