CVE-2005-3737 : Buffer overflow in the SVG importer (style.cpp) of inkscape 0.41 through 0.42.2

Buffer overflow in the SVG importer (style.cpp) of inkscape 0.41 through 0.42.2 might allow remote attackers to execute arbitrary code via a SVG file with long CSS style property values.

Published 2005-11-22 00:03:00

Updated 2025-04-03 01:03:51

Source MITRE

View at NVD, CVE.org

Vulnerability category: OverflowExecute code

Products affected by CVE-2005-3737

Inkscape » Inkscape » Version: 0.42.2
cpe:2.3:a:inkscape:inkscape:0.42.2:*:*:*:*:*:*:*
Matching versions
Inkscape » Inkscape » Version: 0.41
cpe:2.3:a:inkscape:inkscape:0.41:*:*:*:*:*:*:*
Matching versions
Inkscape » Inkscape » Version: 0.42
cpe:2.3:a:inkscape:inkscape:0.42:*:*:*:*:*:*:*
Matching versions
Inkscape » Inkscape » Version: 0.42.1
cpe:2.3:a:inkscape:inkscape:0.42.1:*:*:*:*:*:*:*
Matching versions

Exploit prediction scoring system (EPSS) score for CVE-2005-3737

EPSS FAQ

28.06%

Probability of exploitation activity in the next 30 days EPSS Score History

~ 96 %

Percentile, the proportion of vulnerabilities that are scored at or less

CVSS scores for CVE-2005-3737

Base Score	Base Severity	CVSS Vector	Exploitability Score	Impact Score	Score Source	First Seen
5.1	MEDIUM	AV:N/AC:H/Au:N/C:P/I:P/A:P	4.9	6.4	NIST
Access Vector: Network Access Complexity: High Authentication: None Confidentiality Impact: Partial Integrity Impact: Partial Availability Impact: Partial

References for CVE-2005-3737

http://www.novell.com/linux/security/advisories/2005_28_sr.html

404 Page Not Found | SUSE

CVEs referencing this url
http://www.gentoo.org/security/en/glsa/glsa-200511-22.xml

Inkscape: Buffer overflow (GLSA 200511-22) — Gentoo security
http://secunia.com/advisories/17778

About Secunia Research | Flexera
http://www.securityfocus.com/bid/15507

Exploit;Patch
http://secunia.com/advisories/17882

About Secunia Research | Flexera

CVEs referencing this url
http://secunia.com/advisories/17651

About Secunia Research | Flexera
Vendor Advisory
http://www.vupen.com/english/advisories/2005/2511

Site en construction
http://securityreason.com/securityalert/58

Arbitrary code execution through SVG import - CXSecurity.com
http://www.ubuntulinux.org/usn/usn-217-1

USN-217-1: Inkscape vulnerability | Ubuntu security notices | Ubuntu
http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=330894

#330894 - inkscape: Arbitrary code execution when opening a malicious file - Debian Bug report logs
http://secunia.com/advisories/17662

About Secunia Research | Flexera
Patch;Vendor Advisory
http://cvs.sourceforge.net/viewcvs.py/inkscape/inkscape/src/style.cpp?r1=1.110&r2=1.110.2.1

Inkscape Reviews and Pricing 2024
http://www.debian.org/security/2005/dsa-916

[SECURITY] [DSA 916-1] New Inkscape packages fix arbitrary code execution

CVEs referencing this url

Jump to

Vulnerability Details : CVE-2005-3737

Products affected by CVE-2005-3737

Exploit prediction scoring system (EPSS) score for CVE-2005-3737

CVSS scores for CVE-2005-3737

References for CVE-2005-3737