CVE-2005-3885

The ps2epsi extension shell script (ps2epsi.sh) in Inkscape before 0.41 allows local users to overwrite arbitrary files via a symlink attack on the tmpepsifile.epsi temporary file.

CVSS v2.0 2.1 LOW

2.1^/10

CVSS v2.0 : LOW

V2 Legend

Vector : AV:L/AC:L/Au:N/C:N/I:P/A:N

Exploitability : 3.9 / Impact : 2.9

Access Vector LOCAL

Access Complexity LOW

Authentication NONE

Confidentiality Impact NONE

Integrity Impact PARTIAL

Availability Impact NONE

References

Link	Resource
http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=321501
http://secunia.com/advisories/16343
http://secunia.com/advisories/17882
http://secunia.com/advisories/17886
http://www.debian.org/security/2005/dsa-916
http://www.securityfocus.com/bid/14522	Patch
https://usn.ubuntu.com/223-1/

Configurations

Configuration 1 (hide)

cpe:2.3:a:inkscape:inkscape:0.41:*:*:*:*:*:*:*

History

No history.

Information

Published : 2005-11-29 19:03

Updated : 2023-12-10 10:28

NVD link : CVE-2005-3885

Mitre link : CVE-2005-3885

CVE.ORG link : CVE-2005-3885

JSON object : View

Products Affected

inkscape

inkscape

CWE

NVD-CWE-Other

2.1 /10