inkscape

• Author: voroskoi
• Vulnerable: 0.45-1
• Unaffected: 0.45.1-1terminus1

Some vulnerabilities have been reported in Inkscape, which potentially can be exploited by malicious people to compromise a user’s system.

1. A format string error exists in certain dialogs. This can be exploited to execute arbitrary code by tricking the user into opening a specially crafted URI containing format string specifiers.
2. A format string error exists in the Whiteboard Jabber client, which potentially can be exploited to execute arbitrary code. Successful exploitation requires that the user is logged in to a Jabber server.

• Bug Tracker URL: http://bugs.frugalware.org/task/1857

CVEs:

• http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-1463
• http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-1464