Computer Security
[EN] securityvulns.ru no-pyccku


libdigidoc unauthorized access
Published:09.09.2013
Source:
SecurityVulns ID:13270
Type:library
Threat Level:
5/10
Description:It's possible to overwrite any file.
Affected:LIBDIGIDOC : libdigidoc 3.6
CVE:CVE-2013-5648 (Absolute path traversal vulnerability in the handleStartDataFile function in DigiDocSAXParser.c in libdigidoc 3.6.0.0, as used in ID-software before 3.7.2 and other products, allows remote attackers to overwrite arbitrary files via a filename beginning with / (slash) or \ (backslash) in a DDOC file.)
Original documentdocumentMANDRIVA, [ MDVSA-2013:225 ] libdigidoc (09.09.2013)

About | Terms of use | Privacy Policy
© SecurityVulns, 3APA3A, Vladimir Dubrovin
Nizhny Novgorod