id3lib -- insecure temporary file creation

ID 15EC9123-7061-11DC-B372-001921AB2FA4
Type freebsd
Reporter FreeBSD
Modified 2007-10-01T00:00:00


Debian Bug report log reports:

When tagging file $foo, a temporary copy of the file is created, and for some reason, libid3 doesn't use mkstemp but just creates $foo.XXXXXX literally, without any checking. This would silently truncate and overwrite an existing $foo.XXXXXX.