CVE-2005-3737
Published 2005-11-22
CVE-2005-3737: Buffer overflow in the SVG importer (style.cpp) of inkscape 0.41 through 0.42.2 might allow remote attackers to execute arbitrary code via a SVG file with long…
Priority P429 · medium · 5.1 · CVSS 2.0
AV:N/AC:H/Au:N/C:P/I:P/A:P
EXPLOIT
EPSS: 13.42% (95.9th percentile)
Buffer overflow in the SVG importer (style.cpp) of inkscape 0.41 through 0.42.2 might allow remote attackers to execute arbitrary code via a SVG file with long CSS style property values.
Affected
9 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| debian | inkscape | < inkscape 0.43-1 (bookworm) | inkscape 0.43-1 (bookworm) |
| inkscape | inkscape | — | — |
| inkscape | inkscape | — | — |
| inkscape | inkscape | — | — |
| inkscape | inkscape | — | — |
| inkscape | inkscape | >= 0 < 0.43-1 | 0.43-1 |
| inkscape | inkscape | >= 0 < 0.43-1 | 0.43-1 |
| inkscape | inkscape | >= 0 < 0.43-1 | 0.43-1 |
| inkscape | inkscape | >= 0 < 0.43-1 | 0.43-1 |
CVSS provenance
nvd · v2.0 · 5.1 MEDIUM · AV:N/AC:H/Au:N/C:P/I:P/A:P
osv · 5.1 MEDIUM
vendor_debian · 5.1 MEDIUM
GHSA
GHSA-vrpq-h3wp-3cp5: Buffer overflow in the SVG importer (style
ghsa_unreviewed·2022-05-01
CVE-2005-3737 [MEDIUM] GHSA-vrpq-h3wp-3cp5: Buffer overflow in the SVG importer (style
Buffer overflow in the SVG importer (style.cpp) of inkscape 0.41 through 0.42.2 might allow remote attackers to execute arbitrary code via a SVG file with long CSS style property values.
OSV
CVE-2005-3737: Buffer overflow in the SVG importer (style
osv·2005-11-22·CVSS 5.1
CVE-2005-3737 [MEDIUM] CVE-2005-3737: Buffer overflow in the SVG importer (style
Buffer overflow in the SVG importer (style.cpp) of inkscape 0.41 through 0.42.2 might allow remote attackers to execute arbitrary code via a SVG file with long CSS style property values.
Debian
CVE-2005-3737: inkscape - Buffer overflow in the SVG importer (style.cpp) of inkscape 0.41 through 0.42.2 ...
vendor_debian·2005·CVSS 5.1
CVE-2005-3737 [MEDIUM] CVE-2005-3737: inkscape - Buffer overflow in the SVG importer (style.cpp) of inkscape 0.41 through 0.42.2 ...
Buffer overflow in the SVG importer (style.cpp) of inkscape 0.41 through 0.42.2 might allow remote attackers to execute arbitrary code via a SVG file with long CSS style property values.
Scope: local
bookworm: resolved (fixed in 0.43-1)
bullseye: resolved (fixed in 0.43-1)
forky: resolved (fixed in 0.43-1)
sid: resolved (fixed in 0.43-1)
trixie: resolved (fixed in 0.43-1)
No detection rules found.
No writeups or analysis indexed.
http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=330894
http://cvs.sourceforge.net/viewcvs.py/inkscape/inkscape/src/style.cpp?r1=1.110&r2=1.110.2.1
http://secunia.com/advisories/17651
http://secunia.com/advisories/17662
http://secunia.com/advisories/17778
http://secunia.com/advisories/17882
http://securityreason.com/securityalert/58
http://www.debian.org/security/2005/dsa-916
http://www.gentoo.org/security/en/glsa/glsa-200511-22.xml
http://www.novell.com/linux/security/advisories/2005_28_sr.html
http://www.securityfocus.com/bid/15507
http://www.ubuntulinux.org/usn/usn-217-1
http://www.vupen.com/english/advisories/2005/2511
Published: 2005-11-22