CVSS2
Attack Vector
LOCAL
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:L/AC:M/Au:N/C:C/I:C/A:C
AI Score
Confidence
Low
EPSS
Percentile
5.1%
chm2pdf 0.9 allows user-assisted local users to delete arbitrary files via a symlink attack on .chm files in the (1) /tmp/chm2pdf/work or (2) /tmp/chm2pdf/orig temporary directories.
Vendor | Product | Version | CPE |
---|---|---|---|
karakas-online | chm2pdf | 0.9 | cpe:2.3:a:karakas-online:chm2pdf:0.9:*:*:*:*:*:*:* |
bugs.debian.org/cgi-bin/bugreport.cgi?bug=501959
lists.fedoraproject.org/pipermail/package-announce/2011-January/053501.html
lists.fedoraproject.org/pipermail/package-announce/2011-January/053510.html
secunia.com/advisories/32257
secunia.com/advisories/43109
www.securityfocus.com/bid/31735
www.vupen.com/english/advisories/2011/0236
exchange.xforce.ibmcloud.com/vulnerabilities/45813