CVE 2012-5656
The rasterization process in Inkscape before 0.48.4 allows local users to read arbitrary files via an external entity in a SVG file, aka an XML external entity (XXE) injection attack.
See the
CVE page on Mitre.org
for more details.