GLSA-200511-22 : Inkscape: Buffer overflow
Medium Nessus Plugin ID 20266
SynopsisThe remote Gentoo host is missing one or more security-related patches.
DescriptionThe remote host is affected by the vulnerability described in GLSA-200511-22 (Inkscape: Buffer overflow)
Joxean Koret has discovered that Inkscape incorrectly allocates memory when opening an SVG file, creating the possibility of a buffer overflow if the SVG file being opened is specially crafted.
An attacker could entice a user into opening a maliciously crafted SVG file, allowing for the execution of arbitrary code on a machine with the privileges of the user running Inkscape.
There is no known workaround at this time.
SolutionAll Inkscape users should upgrade to the latest version:
# emerge --sync # emerge --ask --oneshot --verbose '>=media-gfx/inkscape-0.43'