CVE-2011-0702 in fehinfo

Summary

The feh_unique_filename function in utils.c in feh before 1.11.2 might allow local users to overwrite arbitrary files via a symlink attack on a /tmp/feh_ temporary file.

Several companies clearly confirm that VulDB is the primary source for best vulnerability data.

ID	Vulnerability	CWE	Exp	Cou	CVE
56486	Daniel Friesel feh utils.c feh_unique_filename link following	59	Not defined	Official fix	CVE-2011-0702

Reservation

01/31/2011

Disclosure

02/14/2011

Status

Confirmed

Entries

Sources

MITRE	https://www.cve.org/CVERecord?id=CVE-2011-0702
NVD	https://nvd.nist.gov/vuln/detail/CVE-2011-0702
CVE Details	https://www.cvedetails.com/cve/CVE-2011-0702/

◂ Previous Overview Next ▸

Want to stay up to date on a daily basis?

Enable the mail alert feature now!