{"containers": {"cna": {"affected": [{"product": "Inkscape", "vendor": "Inkscape", "versions": [{"status": "affected", "version": "0.91"}]}], "credits": [{"lang": "en", "value": "Tran Van Khang \u2013 khangkito (VinCSS), working with Trend Micro\u2019s Zero Day Initiative, reported these vulnerabilities to CISA."}], "datePublic": "2022-05-12T00:00:00", "descriptions": [{"lang": "en", "value": "Inkscape version 0.91 can access an uninitialized pointer, which may allow an attacker to have access to unauthorized information."}], "metrics": [{"cvssV3_1": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "NONE", "baseScore": 3.3, "baseSeverity": "LOW", "confidentialityImpact": "LOW", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N", "version": "3.1"}}], "problemTypes": [{"descriptions": [{"cweId": "CWE-824", "description": "CWE-824 Access of Uninitialized Pointer", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"dateUpdated": "2022-06-01T13:58:43", "orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6", "shortName": "icscert"}, "references": [{"tags": ["x_refsource_CONFIRM"], "url": "https://www.cisa.gov/uscert/ics/advisories/icsa-22-132-03"}, {"tags": ["x_refsource_CONFIRM"], "url": "https://www.integraxor.com/scada-animation-graphic-editor-extension-inkscape/"}], "solutions": [{"lang": "en", "value": "Inkscape has fixed these vulnerabilities and recommends users update to Version Inkscape 1.0 or later."}], "source": {"discovery": "UNKNOWN"}, "title": "Inkscape Access of Uninitialized Pointer", "x_generator": {"engine": "Vulnogram 0.0.9"}, "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "ics-cert@hq.dhs.gov", "DATE_PUBLIC": "2022-05-12T21:42:00.000Z", "ID": "CVE-2021-42702", "STATE": "PUBLIC", "TITLE": "Inkscape Access of Uninitialized Pointer"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "Inkscape", "version": {"version_data": [{"version_affected": "=", "version_value": "0.91"}]}}]}, "vendor_name": "Inkscape"}]}}, "credit": [{"lang": "eng", "value": "Tran Van Khang \u2013 khangkito (VinCSS), working with Trend Micro\u2019s Zero Day Initiative, reported these vulnerabilities to CISA."}], "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "Inkscape version 0.91 can access an uninitialized pointer, which may allow an attacker to have access to unauthorized information."}]}, "generator": {"engine": "Vulnogram 0.0.9"}, "impact": {"cvss": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "NONE", "baseScore": 3.3, "baseSeverity": "LOW", "confidentialityImpact": "LOW", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N", "version": "3.1"}}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "CWE-824 Access of Uninitialized Pointer"}]}]}, "references": {"reference_data": [{"name": "https://www.cisa.gov/uscert/ics/advisories/icsa-22-132-03", "refsource": "CONFIRM", "url": "https://www.cisa.gov/uscert/ics/advisories/icsa-22-132-03"}, {"name": "https://www.integraxor.com/scada-animation-graphic-editor-extension-inkscape/", "refsource": "CONFIRM", "url": "https://www.integraxor.com/scada-animation-graphic-editor-extension-inkscape/"}]}, "solution": [{"lang": "en", "value": "Inkscape has fixed these vulnerabilities and recommends users update to Version Inkscape 1.0 or later."}], "source": {"discovery": "UNKNOWN"}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-04T03:38:50.116Z"}, "title": "CVE Program Container", "references": [{"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://www.cisa.gov/uscert/ics/advisories/icsa-22-132-03"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://www.integraxor.com/scada-animation-graphic-editor-extension-inkscape/"}]}]}, "cveMetadata": {"assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6", "assignerShortName": "icscert", "cveId": "CVE-2021-42702", "datePublished": "2022-05-18T16:24:13.808900Z", "dateReserved": "2021-10-18T00:00:00", "dateUpdated": "2024-09-16T20:52:23.451Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:inkscape:inkscape:0.91:*:*:*:*:*:*:*", "matchCriteriaId": "DF5D548A-F1D4-4BAA-96BA-DA562A78C5C6", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "Inkscape version 0.91 can access an uninitialized pointer, which may allow an attacker to have access to unauthorized information."}, {"lang": "es", "value": "La versi\u00f3n 0.91 de Inkscape puede acceder a un puntero no inicializado, lo que puede permitir a un atacante tener acceso a informaci\u00f3n no autorizada"}], "id": "CVE-2021-42702", "lastModified": "2024-11-21T06:28:00.253", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 4.3, "confidentialityImpact": "PARTIAL", "integrityImpact": "NONE", "vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:N", "version": "2.0"}, "exploitabilityScore": 8.6, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "NONE", "baseScore": 3.3, "baseSeverity": "LOW", "confidentialityImpact": "LOW", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N", "version": "3.1"}, "exploitabilityScore": 1.8, "impactScore": 1.4, "source": "ics-cert@hq.dhs.gov", "type": "Secondary"}, {"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "NONE", "baseScore": 3.3, "baseSeverity": "LOW", "confidentialityImpact": "LOW", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N", "version": "3.1"}, "exploitabilityScore": 1.8, "impactScore": 1.4, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2022-05-18T17:15:08.147", "references": [{"source": "ics-cert@hq.dhs.gov", "tags": ["Third Party Advisory", "US Government Resource"], "url": "https://www.cisa.gov/uscert/ics/advisories/icsa-22-132-03"}, {"source": "ics-cert@hq.dhs.gov", "tags": ["Exploit", "Third Party Advisory"], "url": "https://www.integraxor.com/scada-animation-graphic-editor-extension-inkscape/"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory", "US Government Resource"], "url": "https://www.cisa.gov/uscert/ics/advisories/icsa-22-132-03"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Exploit", "Third Party Advisory"], "url": "https://www.integraxor.com/scada-animation-graphic-editor-extension-inkscape/"}], "sourceIdentifier": "ics-cert@hq.dhs.gov", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-824"}], "source": "ics-cert@hq.dhs.gov", "type": "Secondary"}]}

{"bugzilla": {"description": "inkscape: Inkscape can access an uninitialized pointer that allowes to unauthorized information.", "id": "2088224", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2088224"}, "csaw": false, "cvss3": {"cvss3_base_score": "7.7", "cvss3_scoring_vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N", "status": "draft"}, "cwe": "CWE-824", "details": ["Inkscape version 0.91 can access an uninitialized pointer, which may allow an attacker to have access to unauthorized information.", "A flaw was found in Inkscape, which is vulnerable to accessing an uninitialized pointer. This flaw allows an attacker to have access to unauthorized information."], "name": "CVE-2021-42702", "package_state": [{"cpe": "cpe:/o:redhat:enterprise_linux:6", "fix_state": "Out of support scope", "package_name": "inkscape", "product_name": "Red Hat Enterprise Linux 6"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Out of support scope", "package_name": "inkscape", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Not affected", "package_name": "inkscape:0.92.3/inkscape", "product_name": "Red Hat Enterprise Linux 8"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Not affected", "package_name": "inkscape:flatpak/inkscape", "product_name": "Red Hat Enterprise Linux 8"}, {"cpe": "cpe:/o:redhat:enterprise_linux:9", "fix_state": "Not affected", "package_name": "inkscape", "product_name": "Red Hat Enterprise Linux 9"}, {"cpe": "cpe:/o:redhat:enterprise_linux:9", "fix_state": "Not affected", "package_name": "inkscape:flatpak/inkscape", "product_name": "Red Hat Enterprise Linux 9"}], "public_date": "2022-05-18T00:00:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2021-42702\nhttps://nvd.nist.gov/vuln/detail/CVE-2021-42702\nhttps://www.cisa.gov/uscert/ics/advisories/icsa-22-132-03"], "threat_severity": "Moderate"}