From $URL : An untrusted directory search path vulnerability was found in the way Inkscape, a vector graphics editor, using the W3C standard Scalable Vector Graphics (SVG) file format, loaded EPS (Encapsulated PostScript) files. A local attacker could use this flaw to execute arbitrary PostScript code with the privileges of the user running the inkscape executable. References: [1] http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=654341 [2] https://bugs.launchpad.net/inkscape/+bug/911146 [3] http://www.openwall.com/lists/oss-security/2012/12/29/5 [4] http://www.openwall.com/lists/oss-security/2012/12/30/2 [5] https://bugzilla.novell.com/show_bug.cgi?id=796306 Relevant patch: [6] http://bugs.debian.org/cgi-bin/bugreport.cgi?msg=47;filename=0005-Add-patch-to-fix-upstream-vulnerability-LP-911146.patch;att=5;bug=654341 [7] https://bugs.launchpad.net/inkscape/+bug/911146/comments/2 (but see also subsequent comments wrt to the patch regression)
GLSA vote: no.
CVE-2012-6076 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-6076): Inkscape before 0.48.4 reads .eps files from /tmp instead of the current directory, which might cause Inkspace to process unintended files, allow local users to obtain sensitive information, and possibly have other unspecified impacts.
NO too, closing.
