user/id3lib: CVE-2007-4460: RenderV2ToFile symlink attack
Bugzilla ID | 161 |
Alias(es) | CVE-2007-4460 |
Reporter | Max Rees (sroracle) |
Assignee | Max Rees (sroracle) |
Reported | 2019-07-31 10:19:17 -0500 |
Modified | 2019-08-04 19:26:44 -0500 |
Status | RESOLVED FIXED |
Version | 1.0-BETA3 |
Hardware | Adélie Linux / All |
Importance | --- / normal |
URL | https://nvd.nist.gov/vuln/detail/CVE-2007-4460 |
Description
The RenderV2ToFile function in tag_file.cpp in id3lib (aka libid3)
3.8.3 allows local users to overwrite arbitrary files via a symlink
attack on a temporary file whose name is constructed from the name of
a file being tagged.