Vulnerability Details : CVE-2005-3885
The ps2epsi extension shell script (ps2epsi.sh) in Inkscape before 0.41 allows local users to overwrite arbitrary files via a symlink attack on the tmpepsifile.epsi temporary file.
Products affected by CVE-2005-3885
- cpe:2.3:a:inkscape:inkscape:0.41:*:*:*:*:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2005-3885
0.04%
Probability of exploitation activity in the next 30 days
EPSS Score History
~ 6 %
Percentile, the proportion of vulnerabilities that are scored at or less
CVSS scores for CVE-2005-3885
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
2.1
|
LOW | AV:L/AC:L/Au:N/C:N/I:P/A:N |
3.9
|
2.9
|
NIST |
References for CVE-2005-3885
-
http://www.securityfocus.com/bid/14522
Patch
-
https://usn.ubuntu.com/223-1/
404: Page not found | Ubuntu
-
http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=321501
#321501 - inkscape: Unsafe temporary file handling in ps2epsi extension - Debian Bug report logs
-
http://www.debian.org/security/2005/dsa-916
[SECURITY] [DSA 916-1] New Inkscape packages fix arbitrary code execution
Jump to