CVE-2007-4460
Published: 21 August 2007
The RenderV2ToFile function in tag_file.cpp in id3lib (aka libid3) 3.8.3 allows local users to overwrite arbitrary files via a symlink attack on a temporary file whose name is constructed from the name of a file being tagged.
Notes
Author | Note |
---|---|
kees | this is barely a security issue: attackers able to write to your local working directory can do many other bad things to you too. |
jdstrand | fixed in [DSA 1365-3] |
Priority
Status
Package | Release | Status |
---|---|---|
id3lib3.8.3 Launchpad, Ubuntu, Debian |
dapper |
Ignored
(end of life)
|
edgy |
Ignored
(end of life, was needed)
|
|
feisty |
Ignored
(end of life, was needed)
|
|
gutsy |
Released
(3.8.3-7ubuntu1)
|
|
hardy |
Released
(3.8.3-7ubuntu1)
|
|
intrepid |
Released
(3.8.3-7ubuntu1)
|
|
jaunty |
Released
(3.8.3-7ubuntu1)
|
|
upstream |
Needs triage
|