CVE-2007-4460

Priority
Description
The RenderV2ToFile function in tag_file.cpp in id3lib (aka libid3) 3.8.3
allows local users to overwrite arbitrary files via a symlink attack on a
temporary file whose name is constructed from the name of a file being
tagged.
Notes
keesthis is barely a security issue: attackers able to write to your
local working directory can do many other bad things to you too.
jdstrandfixed in [DSA 1365-3]
Package
Upstream:needs-triage
More Information

Updated: 2020-09-10 00:12:12 UTC (commit 81a23a978c4436cd99e1d040e9e73e9146876281)