CVE-2012-5656

The rasterization process in Inkscape before 0.48.4 allows local users to read arbitrary files via an external entity in a SVG file, aka an XML external entity (XXE) injection attack.

Date published : 2013-01-18

http://www.securityfocus.com/bid/56965

http://bazaar.launchpad.net/~inkscape.dev/inkscape/trunk/revision/11931