CVE-2007-4462

Name of the Vulnerable Software and Affected Versions po4a versions prior to 0.32

Description The issue allows local users to overwrite arbitrary files via a symlink attack on the gettextization.failed.po temporary file. This is related to the lib/Locale/Po4a/Po.pm file in po4a.

Recommendations For versions prior to 0.32, update to version 0.32 or later to resolve the issue. As a temporary workaround, consider restricting access to the temporary files created by po4a to minimize the risk of exploitation.