The feh_unique_filename function in utils.c in feh 1.11.2 and previous versions might allow local users to create arbitrary files via a symlink attack on a /tmp/feh_ temporary file, a different vulnerability than CVE-2011-0702.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
feh project feh 1.3.5 |
||
feh project feh 1.4 |
||
feh project feh 1.4.1 |
||
feh project feh 1.4.2 |
||
feh project feh 1.4.3 |
||
feh project feh 1.5 |
||
feh project feh 1.6 |
||
feh project feh 1.6.1 |
||
feh project feh 1.7 |
||
feh project feh 1.8 |
||
feh project feh 1.9 |
||
feh project feh 1.10 |
||
feh project feh 1.10.1 |
||
feh project feh 1.11 |
||
feh project feh 1.11.1 |
||
feh project feh |