forwarded 330894 [EMAIL PROTECTED] Thanks
Hi Joxean! On Fri, Sep 30, 2005 at 12:51:04PM +0200, Joxean Koret wrote: > Subject: inkscape: Arbitrary code execution opening a file > Package: inkscape > Version: 0.41-4.99.sarge0 > Severity: grave > Justification: user security hole > > Inkscape is vulnerable to, almost, one buffer overflow that may allow > arbitrary code execution. I contacted the Inkscape team but, at the > moment, there is no patch for the issue. > > Attached goes a Proof Of Concept. > > NOTE: I think the problem may not be exploitable because you need to > write a shellcode using only valid XML characters. > > Regards, > Joxean Koret > > [...snip...] Thanks for your report. I forwarded it to the developer's mailing list. On my PowerBook inkscape simply crashed when opening your file, I don't know what it should do on a i386 box. I tried to open it in vim, but there it causes troubles too, at least for the syntax highlighter. I also tried it with sodipodi, but could not see an effect. It seems to open cleanly. With best wishes, Wolfi
signature.asc
Description: Digital signature
