VYPR
Vendor

Inkscape

Products
1
CVEs
11
Across products
11
Status
Private

Products

1

Recent CVEs

11
  • CVE-2026-4980MedMar 27, 2026
    risk 0.41cvss 6.3epss 0.00

    A local file disclosure vulnerability in the XInclude processing component of Inkscape 1.1 before 1.3 allows a remote attacker to read local files via a crafted SVG file containing malicious xi:include tags.

  • CVE-2012-5656MedJan 18, 2013
    risk 0.36cvss 5.5epss 0.01

    The rasterization process in Inkscape before 0.48.4 allows local users to read arbitrary files via an external entity in a SVG file, aka an XML external entity (XXE) injection attack.

  • CVE-2025-15523MedJan 22, 2026
    risk 0.31cvss epss 0.00

    MacOS version of Inkscape bundles a Python interpreter that inherits the Transparency, Consent, and Control (TCC) permissions granted by the user to the main application bundle. An attacker with local user access can invoke this interpreter with arbitrary commands or scripts,…

  • CVE-2005-3737Nov 22, 2005
    risk 0.04cvss epss 0.13

    Buffer overflow in the SVG importer (style.cpp) of inkscape 0.41 through 0.42.2 might allow remote attackers to execute arbitrary code via a SVG file with long CSS style property values.

  • CVE-2021-42704May 18, 2022
    risk 0.00cvss epss 0.01

    Inkscape version 0.91 is vulnerable to an out-of-bounds write, which may allow an attacker to arbitrary execute code.

  • CVE-2021-42702May 18, 2022
    risk 0.00cvss epss 0.01

    Inkscape version 0.91 can access an uninitialized pointer, which may allow an attacker to have access to unauthorized information.

  • CVE-2021-42700May 18, 2022
    risk 0.00cvss epss 0.01

    Inkscape 0.91 is vulnerable to an out-of-bounds read, which may allow an attacker to have access to unauthorized information.

  • CVE-2012-6076Mar 12, 2013
    risk 0.00cvss epss 0.00

    Inkscape before 0.48.4 reads .eps files from /tmp instead of the current directory, which might cause Inkspace to process unintended files, allow local users to obtain sensitive information, and possibly have other unspecified impacts.

  • CVE-2007-1464Mar 21, 2007
    risk 0.00cvss epss 0.03

    Format string vulnerability in the whiteboard Jabber protocol in Inkscape before 0.45.1 allows user-assisted remote attackers to execute arbitrary code via unspecified vectors.

  • CVE-2007-1463Mar 21, 2007
    risk 0.00cvss epss 0.03

    Format string vulnerability in Inkscape before 0.45.1 allows user-assisted remote attackers to execute arbitrary code via format string specifiers in a URI, which is not properly handled by certain dialogs.

  • CVE-2005-3885Nov 29, 2005
    risk 0.00cvss epss 0.00

    The ps2epsi extension shell script (ps2epsi.sh) in Inkscape before 0.41 allows local users to overwrite arbitrary files via a symlink attack on the tmpepsifile.epsi temporary file.