This page aggregates CVEs and security vulnerability information across Inkscape-related products, listing CVSS, EPSS, publication dates, and vulnerability data.
Common weakness patterns include XXE, buffer overflow, and memory corruption; in production workloads and software deployment use cases, these can lead to risks such as application crashes and memory corruption.
The listed data is based on public vulnerability information and security advisories, and can be used to assess historical exposure and remediation priority.

| CVE | Summary | Source | Max CVSS | EPSS (%) | Published | Updated |
|---|---|---|---|---|---|---|
| CVE-2026-4980 | A local file disclosure vulnerability in the XInclude processing component of Inkscape 1.1 before 1.3 allows a remote attacker to read local files via a crafted SVG file containing malicious xi:include tags. | [email protected] | 6.3 | 0.20% | 2026-03-27 | 2026-05-26 |
| CVE-2021-42704 | Inkscape version 0.91 is vulnerable to an out-of-bounds write, which may allow an attacker to execute arbitrary code. | [email protected] | 7.8 | 1.34% | 2022-05-18 | 2024-11-21 |
| CVE-2021-42702 | Inkscape version 0.91 can access an uninitialized pointer, which may allow an attacker to have access to unauthorized information. | [email protected] | 3.3 | 0.83% | 2022-05-18 | 2024-11-21 |
| CVE-2021-42700 | Inkscape 0.91 is vulnerable to an out-of-bounds read, which may allow an attacker to have access to unauthorized information. | [email protected] | 3.3 | 0.69% | 2022-05-18 | 2024-11-21 |
| CVE-2012-6076 | Inkscape before 0.48.4 reads .eps files from /tmp instead of the current directory, which might cause Inkscape to process unintended files, allow local users to obtain sensitive information, and possibly have other unspecified impacts. | [email protected] | 4.4 | 0.49% | 2013-03-12 | 2026-04-29 |
| CVE-2012-5656 | The rasterization process in Inkscape before 0.48.4 allows local users to read arbitrary files via an external entity in a SVG file, aka an XML external entity (XXE) injection attack. | [email protected] | 5.5 | 1.16% | 2013-01-18 | 2026-04-29 |
| CVE-2007-1464 | Format string vulnerability in the whiteboard Jabber protocol in Inkscape before 0.45.1 allows user-assisted remote attackers to execute arbitrary code via unspecified vectors. | [email protected] | 6.8 | 3.22% | 2007-03-21 | 2026-04-23 |
| CVE-2007-1463 | Format string vulnerability in Inkscape before 0.45.1 allows user-assisted remote attackers to execute arbitrary code via format string specifiers in a URI, which is not properly handled by certain dialogs. | [email protected] | 6.8 | 3.36% | 2007-03-21 | 2026-04-23 |
| CVE-2005-3885 | The ps2epsi extension shell script (ps2epsi.sh) in Inkscape before 0.41 allows local users to overwrite arbitrary files via a symlink attack on the tmpepsifile.epsi temporary file. | [email protected] | 2.1 | 0.35% | 2005-11-29 | 2026-04-16 |
| CVE-2005-3737 | Buffer overflow in the SVG importer (style.cpp) of inkscape 0.41 through 0.42.2 might allow remote attackers to execute arbitrary code via a SVG file with long CSS style property values. | [email protected] | 5.1 | 13.42% | 2005-11-22 | 2026-04-16 |