Lucene search

[email protected]NVD:CVE-2007-4460

HistoryAug 21, 2007 - 9:17 p.m.

CVE-2007-4460

2007-08-2121:17:00

[email protected]

web.nvd.nist.gov

7.2 High

CVSS2

Attack Vector

LOCAL

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:L/AC:L/Au:N/C:C/I:C/A:C

5.9 Medium

AI Score

Confidence

Low

0.0004 Low

EPSS

Percentile

10.3%

JSON

The RenderV2ToFile function in tag_file.cpp in id3lib (aka libid3) 3.8.3 allows local users to overwrite arbitrary files via a symlink attack on a temporary file whose name is constructed from the name of a file being tagged.

Affected configurations

NVD

Node

id3libid3libMatch3.8.3

References

bugs.debian.org/cgi-bin/bugreport.cgi?bug=438540

secunia.com/advisories/26536

secunia.com/advisories/26646

secunia.com/advisories/26793

secunia.com/advisories/26818

secunia.com/advisories/26987

security.gentoo.org/glsa/glsa-200709-08.xml

www.debian.org/security/2007/dsa-1365

www.mandriva.com/security/advisories?name=MDKSA-2007:180

www.novell.com/linux/security/advisories/2007_19_sr.html

www.securityfocus.com/bid/25372

www.securitytracker.com/id?1018667

bugzilla.redhat.com/bugzilla/show_bug.cgi?id=253553

7.2 High

CVSS2

Attack Vector

LOCAL

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:L/AC:L/Au:N/C:C/I:C/A:C

5.9 Medium

AI Score

Confidence

Low

0.0004 Low

EPSS

Percentile

10.3%

JSON

Related for NVD:CVE-2007-4460

nessus9 gentoo1 securityvulns2 cvelist1 debiancve1 openvas18 debian3 fedora1 ubuntucve1 freebsd1 prion1 cve1