Inkscape
by Inkscape
CVEs (11)
| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2026-4980 | | Med | 0.41 | 6.3 | 0.00 | | Mar 27, 2026 | A local file disclosure vulnerability in the XInclude processing component of Inkscape 1.1 before 1.3 allows a remote attacker to read local files via a crafted SVG file containing malicious xi:include tags. |
| CVE-2012-5656 | | Med | 0.36 | 5.5 | 0.01 | | Jan 18, 2013 | The rasterization process in Inkscape before 0.48.4 allows local users to read arbitrary files via an external entity in an SVG file, aka an XML external entity (XXE) injection attack. |
| CVE-2025-15523 | | Med | 0.31 | — | 0.00 | | Jan 22, 2026 | The macOS version of Inkscape bundles a Python interpreter that inherits the Transparency, Consent, and Control (TCC) permissions granted by the user to the main application bundle. An attacker with local user access can invoke this interpreter with arbitrary commands or scripts,… |
| CVE-2005-3737 | | | 0.04 | — | 0.13 | | Nov 22, 2005 | Buffer overflow in the SVG importer (style.cpp) of Inkscape 0.41 through 0.42.2 might allow remote attackers to execute arbitrary code via an SVG file with long CSS style property values. |
| CVE-2021-42704 | | | 0.00 | — | 0.01 | | May 18, 2022 | Inkscape version 0.91 is vulnerable to an out-of-bounds write, which may allow an attacker to execute arbitrary code. |
| CVE-2021-42702 | | | 0.00 | — | 0.01 | | May 18, 2022 | Inkscape version 0.91 can access an uninitialized pointer, which may allow an attacker to have access to unauthorized information. |
| CVE-2021-42700 | | | 0.00 | — | 0.01 | | May 18, 2022 | Inkscape 0.91 is vulnerable to an out-of-bounds read, which may allow an attacker to have access to unauthorized information. |
| CVE-2012-6076 | | | 0.00 | — | 0.00 | | Mar 12, 2013 | Inkscape before 0.48.4 reads .eps files from /tmp instead of the current directory, which might cause Inkscape to process unintended files, allow local users to obtain sensitive information, and possibly have other unspecified impacts. |
| CVE-2007-1463 | | | 0.00 | — | 0.03 | | Mar 21, 2007 | Format string vulnerability in Inkscape before 0.45.1 allows user-assisted remote attackers to execute arbitrary code via format string specifiers in a URI, which is not properly handled by certain dialogs. |
| CVE-2007-1464 | | | 0.00 | — | 0.03 | | Mar 21, 2007 | Format string vulnerability in the whiteboard Jabber protocol in Inkscape before 0.45.1 allows user-assisted remote attackers to execute arbitrary code via unspecified vectors. |
| CVE-2005-3885 | | | 0.00 | — | 0.00 | | Nov 29, 2005 | The ps2epsi extension shell script (ps2epsi.sh) in Inkscape before 0.41 allows local users to overwrite arbitrary files via a symlink attack on the tmpepsifile.epsi temporary file. |