Lucene search

GitHub Advisory DatabaseGHSA-5PJJ-7M4P-WFH2

HistoryMay 17, 2022 - 2:04 a.m.

ocrodjvu is vulnerable to Arbitrary File Modification via symlink attack

2022-05-1702:04:28

CWE-59

GitHub Advisory Database

github.com

ocrodjvu

arbitrary file modification

debian gnu/linux

symlink attack

cuneiform

ocr engine

software

CVSS2

6.2

Attack Vector

LOCAL

Attack Complexity

HIGH

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:L/AC:H/Au:N/C:C/I:C/A:C

AI Score

6.8

Confidence

High

EPSS

Percentile

5.1%

JSON

ocrodjvu 0.4.6-1 on Debian GNU/Linux allows local users to modify arbitrary files via a symlink attack on temporary files that are generated when Cuneiform is invoked as the OCR engine.

Affected configurations

Vulners

Node

jwilkocrodjvuMatch0.4.6-1

VendorProductVersionCPE
jwilkocrodjvu0.4.6-1cpe:2.3:a:jwilk:ocrodjvu:0.4.6-1:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
jwilk	ocrodjvu	0.4.6-1	cpe:2.3:a:jwilk:ocrodjvu:0.4.6-1:::::::*

References

bugs.debian.org/cgi-bin/bugreport.cgi?bug=598134

exchange.xforce.ibmcloud.com/vulnerabilities/64892

github.com/advisories/GHSA-5pjj-7m4p-wfh2

nvd.nist.gov/vuln/detail/CVE-2010-4338

web.archive.org/web/20200229160520/www.securityfocus.com/bid/45234

CVSS2

6.2

Attack Vector

LOCAL

Attack Complexity

HIGH

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:L/AC:H/Au:N/C:C/I:C/A:C

AI Score

6.8

Confidence

High

EPSS

Percentile

5.1%

JSON

Related for GHSA-5PJJ-7M4P-WFH2