Vulnerability Description
Format string vulnerability in Inkscape before 0.45.1 allows user-assisted remote attackers to execute arbitrary code via format string specifiers in a URI, which is not properly handled by certain dialogs.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Ubuntu | Ubuntu Linux | 5.10 |
| Inkscape | Inkscape | 0.40 |
References
- http://secunia.com/advisories/24584
- http://secunia.com/advisories/24597
- http://secunia.com/advisories/24615
- http://secunia.com/advisories/24661
- http://secunia.com/advisories/24859
- http://secunia.com/advisories/25072
- http://sourceforge.net/project/shownotes.php?group_id=93438&release_id=495106Patch
- http://www.gentoo.org/security/en/glsa/glsa-200704-10.xml
- http://www.mandriva.com/security/advisories?name=MDKSA-2007:069
- http://www.novell.com/linux/security/advisories/2007_8_sr.html
- http://www.securityfocus.com/archive/1/463710/100/0/threaded
- http://www.securityfocus.com/bid/23070
- http://www.securityfocus.com/bid/23138
- http://www.ubuntu.com/usn/usn-438-1Vendor Advisory
- http://www.vupen.com/english/advisories/2007/1059
FAQ
What is CVE-2007-1463?
CVE-2007-1463 is a vulnerability with a CVSS score of 6.8 (MEDIUM). Format string vulnerability in Inkscape before 0.45.1 allows user-assisted remote attackers to execute arbitrary code via format string specifiers in a URI, which is not properly handled by certain di...
How severe is CVE-2007-1463?
CVE-2007-1463 has been rated MEDIUM with a CVSS base score of 6.8/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2007-1463?
Check the references section above for vendor advisories and patch information. Affected products include: Ubuntu Ubuntu Linux, Inkscape Inkscape.