Computer Security
[EN] securityvulns.ru no-pyccku


feh multiple security vulnerabilities
Published:16.10.2011
Source:
SecurityVulns ID:11978
Type:local
Threat Level:
4/10
Description:Different vulnerabilities in graphics format parsing.
Affected:FEH : feh 1.12
CVE:CVE-2011-1031 (The feh_unique_filename function in utils.c in feh 1.11.2 and earlier might allow local users to create arbitrary files via a symlink attack on a /tmp/feh_ temporary file, a different vulnerability than CVE-2011-0702.)
 CVE-2011-0702 (The feh_unique_filename function in utils.c in feh before 1.11.2 might allow local users to overwrite arbitrary files via a symlink attack on a /tmp/feh_ temporary file.)
 CVE-2010-2246 (feh before 1.8, when the --wget-timestamp option is enabled, might allow remote attackers to execute arbitrary commands via shell metacharacters in a URL.)
Original documentdocumentGENTOO, [ GLSA 201110-08 ] feh: Multiple vulnerabilities (16.10.2011)

About | Terms of use | Privacy Policy
© SecurityVulns, 3APA3A, Vladimir Dubrovin
Nizhny Novgorod