6.2 Medium
CVSS2
Attack Vector
LOCAL
Attack Complexity
HIGH
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:L/AC:H/Au:N/C:C/I:C/A:C
6.3 Medium
AI Score
Confidence
High
0.0004 Low
EPSS
Percentile
5.1%
freevo.real in freevo 1.8.1 allows local users to overwrite arbitrary files via a symlink attack on (1) /tmp/-#####.pid, (2) /tmp/freevo-gdb, (3) /tmp/freevo-gdb.sh, and (4) /tmp/.stats temporary files. NOTE: this issue is only a vulnerability when a verbose debug mode is activated by modifying source code.
CPE | Name | Operator | Version |
---|---|---|---|
duncan_webb:freevo | duncan webb freevo | eq | 1.8.1 |