PT-2011-1507 · None · Cuneiform+1

Jakub Wilk

·

Publicado

2011-01-20

·

Atualizado

2022-05-17

·

CVE-2010-4338

CVSS v2.0

6.2

Média

VetorAV:L/AC:H/Au:N/C:C/I:C/A:C
Name of the Vulnerable Software and Affected Versions ocrodjvu version 0.4.6-1
Description The issue allows local users to modify arbitrary files via a symlink attack on temporary files generated when Cuneiform is invoked as the OCR engine.
Recommendations For ocrodjvu version 0.4.6-1, consider restricting access to temporary files generated by the Cuneiform OCR engine to prevent symlink attacks until a patch is available.

Correção

Link Following

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾
dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-59

Identificadores relacionados

CVE-2010-4338
GHSA-5PJJ-7M4P-WFH2

Produtos afetados

Cuneiform
Ocrodjvu