6.4 Medium
AI Score
Confidence
Low
0.001 Low
EPSS
Percentile
29.9%
Javier Fernández-Sanguino Peña discovered that the tuxpaint-import.sh script created a temporary file in an insecure way. This could allow a symlink attack to create or overwrite arbitrary files with the privileges of the user running tuxpaint.
ubuntu.com/security/CVE-2005-3340