4 matches found
CVE-2017-7875
CVE-2017-7875 affects feh (wallpaper.c). A malicious IPC message spoofing the E17 window manager can trigger an out-of-bounds heap write due to an integer overflow, leading to a buffer overflow and/or double free. The issue is triggered by certain IPC interactions and is associated with versions ...
CVE-2010-2246
CVE-2010-2246 affects feh prior to 1.8, where enabling --wget-timestamp allows remote command execution via shell metacharacters in a URL. The issue is confirmed in multiple OpenVAS/Gentoo/Gentoo GLSA entries, with CVSS v2 base score 5.1 (AV:N/AC:H/Au:N/C:P/I:P/A:P). Mitigation documented in GLSA...
CVE-2011-0702
CVE-2011-0702 affects feh before 1.11.2, where feh_unique_filename in utils.c can be exploited by local users via a symlink attack on a /tmp/feh_ temporary file to overwrite arbitrary files. Public references describe this as a local vulnerability with potential for file overwrite; remediation ob...
CVE-2011-1031
The provided documents confirm a local privilege/filenaming issue in feh (CVE-2011-1031) affecting feh 1.11.2 and earlier, due to a symlink race in feh_unique_filename that can let a local user create/overwrite files under /tmp/feh_. Exploitation is local and does not require authentication. The ...