Suggestions search

All statuses

Filter by:

With package: inkscape-extensions.inkcut

Found 2 matching suggestions

View:

Compact

Detailed

Untriaged

Permalink CVE-2026-4980

6.3 MEDIUM

CVSS version: 3.1
Attack vector (AV): LOCAL
Attack complexity (AC): LOW
Privileges required (PR): NONE
User interaction (UI): REQUIRED
Scope (S): CHANGED
Confidentiality impact (C): HIGH
Integrity impact (I): NONE
Availability impact (A): NONE

created 3 weeks, 1 day ago

Improper Restriction of XML External Entity Reference in Inkscape

A local file disclosure vulnerability in the XInclude processing component of Inkscape 1.1 before 1.3 allows a remote attacker to read local files via a crafted SVG file containing malicious xi:include tags.

References

Affected products

Inkscape

<1.3

Matching in nixpkgs

pkgs.inkscape

Vector graphics editor

nixos-unstable 1.4.3
- nixpkgs-unstable 1.4.3
- nixos-unstable-small 1.4.3
nixos-25.11 1.4.2
- nixos-25.11-small 1.4.2
- nixpkgs-25.11-darwin 1.4.2

pkgs.inkscape-with-extensions

Vector graphics editor

nixos-unstable 1.4.3
- nixpkgs-unstable 1.4.3
- nixos-unstable-small 1.4.3
nixos-25.11 1.4.2
- nixos-25.11-small 1.4.2
- nixpkgs-25.11-darwin 1.4.2

pkgs.inkscape-extensions.inkcut

None

nixos-unstable -
- nixpkgs-unstable
- nixos-unstable-small
nixos-25.11 -
- nixos-25.11-small
- nixpkgs-25.11-darwin

pkgs.inkscape-extensions.silhouette

Extension to drive Silhouette vinyl cutters (e.g. Cameo, Portrait, Curio series) from within Inkscape

nixos-unstable 1.29
- nixpkgs-unstable 1.29
- nixos-unstable-small 1.29
nixos-25.11 1.29
- nixos-25.11-small 1.29
- nixpkgs-25.11-darwin 1.29

pkgs.inkscape-extensions.applytransforms

Inkscape extension which removes all matrix transforms by applying them recursively to shapes

nixos-unstable 0.pre+unstable=2021-05-11
- nixpkgs-unstable 0.pre+unstable=2021-05-11
- nixos-unstable-small 0.pre+unstable=2021-05-11
nixos-25.11 0.pre+unstable=2021-05-11
- nixos-25.11-small 0.pre+unstable=2021-05-11
- nixpkgs-25.11-darwin 0.pre+unstable=2021-05-11

Package maintainers

@x123 x123 <nix@nixlink.net>
@jtojnar Jan Tojnar <jtojnar@gmail.com>
@Luflosi Luflosi <luflosi@luflosi.de>
@jfly Jeremy Fleischman <jeremyfleischman@gmail.com>

Untriaged

Permalink CVE-2025-15523

created 2 months, 3 weeks ago

TCC Bypass via Inherited Permissions in Bundled Interpreter in Inkscape.app

MacOS version of Inkscape bundles a Python interpreter that inherits the Transparency, Consent, and Control (TCC) permissions granted by the user to the main application bundle. An attacker with local user access can invoke this interpreter with arbitrary commands or scripts, leveraging the application's previously granted TCC permissions to access user's files in privacy-protected folders without triggering user prompts. Accessing other resources beyond previously granted TCC permissions will prompt the user for approval in the name of Inkscape, potentially disguising attacker's malicious intent. This issue has been fixed in 1.4.3 version of Inkscape.