Lucene search
+L

4 matches found

cve
cve
added 2017/04/14 6:0 p.m.77 views

CVE-2017-7875

CVE-2017-7875 affects feh (wallpaper.c). A malicious IPC message spoofing the E17 window manager can trigger an out-of-bounds heap write due to an integer overflow, leading to a buffer overflow and/or double free. The issue is triggered by certain IPC interactions and is associated with versions ...

9.8CVSS9.5AI score0.02266EPSS
cve
cve
added 2011/02/14 8:0 p.m.55 views

CVE-2011-0702

CVE-2011-0702 affects feh before 1.11.2, where feh_unique_filename in utils.c can be exploited by local users via a symlink attack on a /tmp/feh_ temporary file to overwrite arbitrary files. Public references describe this as a local vulnerability with potential for file overwrite; remediation ob...

3.3CVSS6.1AI score0.00333EPSS
cve
cve
added 2011/05/26 6:0 p.m.54 views

CVE-2010-2246

CVE-2010-2246 affects feh prior to 1.8, where enabling --wget-timestamp allows remote command execution via shell metacharacters in a URL. The issue is confirmed in multiple OpenVAS/Gentoo/Gentoo GLSA entries, with CVSS v2 base score 5.1 (AV:N/AC:H/Au:N/C:P/I:P/A:P). Mitigation documented in GLSA...

5.1CVSS7.4AI score0.06623EPSS
cve
cve
added 2011/02/14 9:0 p.m.52 views

CVE-2011-1031

The provided documents confirm a local privilege/filenaming issue in feh (CVE-2011-1031) affecting feh 1.11.2 and earlier, due to a symlink race in feh_unique_filename that can let a local user create/overwrite files under /tmp/feh_. Exploitation is local and does not require authentication. The ...

3.3CVSS6.2AI score0.00332EPSS