Описание
The feh_unique_filename function in utils.c in feh before 1.11.2 might allow local users to overwrite arbitrary files via a symlink attack on a /tmp/feh_ temporary file.
Ссылки
- Patch
- Patch
- Patch
- Vendor Advisory
- Patch
- Patch
- Patch
- Patch
- Patch
- Patch
- Patch
- Vendor Advisory
- Patch
- Patch
- Patch
- Patch
Уязвимые конфигурации
Конфигурация 1Версия до 1.11.1 (включая)
Одно из
cpe:2.3:a:feh_project:feh:*:*:*:*:*:*:*:*
cpe:2.3:a:feh_project:feh:1.3.5:*:*:*:*:*:*:*
cpe:2.3:a:feh_project:feh:1.4:*:*:*:*:*:*:*
cpe:2.3:a:feh_project:feh:1.4.1:*:*:*:*:*:*:*
cpe:2.3:a:feh_project:feh:1.4.2:*:*:*:*:*:*:*
cpe:2.3:a:feh_project:feh:1.4.3:*:*:*:*:*:*:*
cpe:2.3:a:feh_project:feh:1.5:*:*:*:*:*:*:*
cpe:2.3:a:feh_project:feh:1.6:*:*:*:*:*:*:*
cpe:2.3:a:feh_project:feh:1.6.1:*:*:*:*:*:*:*
cpe:2.3:a:feh_project:feh:1.7:*:*:*:*:*:*:*
cpe:2.3:a:feh_project:feh:1.8:*:*:*:*:*:*:*
cpe:2.3:a:feh_project:feh:1.9:*:*:*:*:*:*:*
cpe:2.3:a:feh_project:feh:1.10:*:*:*:*:*:*:*
cpe:2.3:a:feh_project:feh:1.10.1:*:*:*:*:*:*:*
cpe:2.3:a:feh_project:feh:1.11:*:*:*:*:*:*:*
EPSS
Процентиль: 8%
0.0003
Низкий
3.3 Low
CVSS2
Дефекты
CWE-59
Связанные уязвимости
ubuntu
почти 15 лет назад
The feh_unique_filename function in utils.c in feh before 1.11.2 might allow local users to overwrite arbitrary files via a symlink attack on a /tmp/feh_ temporary file.
debian
почти 15 лет назад
The feh_unique_filename function in utils.c in feh before 1.11.2 might ...
github
больше 3 лет назад
The feh_unique_filename function in utils.c in feh before 1.11.2 might allow local users to overwrite arbitrary files via a symlink attack on a /tmp/feh_ temporary file.
EPSS
Процентиль: 8%
0.0003
Низкий
3.3 Low
CVSS2
Дефекты
CWE-59