Published: 08/05/2014 Updated: 30/10/2018

CVSS v2 Base Score: 3.3 | Impact Score: 4.9 | Exploitability Score: 3.4

VMScore: 294

Vector: AV:L/AC:M/Au:N/C:N/I:P/A:P

tag.py in eyeD3 (aka python-eyed3) 7.0.3, 0.6.18, and previous versions for Python allows local users to modify arbitrary files via a symlink attack on a temporary file.

Vulnerable Product	Search on Vulmon	Subscribe to Product
opensuse opensuse 13.1
opensuse opensuse 12.3
travis shirk eyed3
travis shirk eyed3 0.6.17
travis shirk eyed3 0.6.16
travis shirk eyed3 0.6.2
travis shirk eyed3 0.6.1
travis shirk eyed3 0.6.0
travis shirk eyed3 0.6.11
travis shirk eyed3 0.6.10
travis shirk eyed3 0.6.9
travis shirk eyed3 0.6.8
travis shirk eyed3 0.2.0
travis shirk eyed3 0.1.0
travis shirk eyed3 0.7.3
travis shirk eyed3 0.6.14
travis shirk eyed3 0.6.12
travis shirk eyed3 0.6.6
travis shirk eyed3 0.6.4
travis shirk eyed3 0.5.0
travis shirk eyed3 0.3.1
travis shirk eyed3 0.6.15
travis shirk eyed3 0.6.13
travis shirk eyed3 0.6.5
travis shirk eyed3 0.6.3
travis shirk eyed3 0.5.1
travis shirk eyed3 0.4.0
travis shirk eyed3 0.3.0

Debian Bug report logs - #737062 python-eyed3: CVE-2014-1934: insecure use of /tmp Package: python-eyed3; Maintainer for python-eyed3 is Gaetano Guerriero <xguerriero@tinit>; Source for python-eyed3 is src:eyed3 (PTS, buildd, popcon) Reported by: Jakub Wilk <jwilk@debianorg> Date: Wed, 29 Jan 2014 20:36:02 UTC Se ...

CWE-59 http://lists.opensuse.org/opensuse-updates/2014-05/msg00027.html http://lists.opensuse.org/opensuse-updates/2014-05/msg00028.html https://bugzilla.redhat.com/show_bug.cgi?id=1063671 https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=737062 https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=737062 https://nvd.nist.gov

CVE-2014-1934

Vulnerability Summary

Vulnerability Trend

Vendor Advisories

References

Vulmon Search

About

Products

Connect