CVE-2015-7758

Name of the Vulnerable Software and Affected Versions Gummi version 0.6.5

Description The issue allows local users to write to arbitrary files via a symlink attack on a temporary dot file. This can be achieved by using specific file extensions, including (1) .aux, (2) .log, (3) .out, (4) .pdf, or (5) .toc, as demonstrated by .thesis.tex.aux.

Recommendations For Gummi version 0.6.5, consider restricting access to temporary dot files to prevent symlink attacks until a patch is available. As a temporary workaround, avoid using Gummi to handle files with the mentioned extensions (.aux, .log, .out, .pdf, .toc) in sensitive environments.