Candidate: CVE-2017-9149
PublicDate: 2017-05-22 19:29:00 UTC
References:
 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9149
 https://0xacab.org/mat/mat/issues/11527
Description:
 Metadata Anonymisation Toolkit (MAT) 0.6 and 0.6.1 silently fails to
 perform "Clean metadata" actions upon invocation from the Nautilus
 contextual menu, which allows context-dependent attackers to obtain
 sensitive information by reading a file for which cleaning had been
 attempted.
Ubuntu-Description:
Notes:
Mitigation:
Bugs:
 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=858058
Priority: medium
Discovered-by:
Assigned-to:
CVSS:
 nvd: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N [7.5 HIGH]


Patches_mat:
upstream_mat: released (0.6.1-4)
precise/esm_mat: DNE
trusty_mat: ignored (out of standard support)
trusty/esm_mat: DNE
xenial_mat: ignored (end of standard support, was needs-triage)
bionic_mat: not-affected (0.6.1-4)
focal_mat: DNE
groovy_mat: DNE
hirsute_mat: DNE
impish_mat: DNE
jammy_mat: DNE
devel_mat: DNE