CVE-2019-3697

Name of the Vulnerable Software and Affected Versions openSUSE Leap 15.1 gnump3d versions 3.0-lp151.2.1 and prior versions

Description The issue is related to a UNIX Symbolic Link (Symlink) Following vulnerability in the packaging of gnump3d. This vulnerability allows local attackers to escalate privileges from the user gnump3d to root. The problem is associated with incorrect handling of symbolic links before accessing a file, which can be exploited to gain elevated privileges.

Recommendations For openSUSE Leap 15.1 gnump3d versions 3.0-lp151.2.1 and prior versions, at the moment, there is no information about a newer version that contains a fix for this vulnerability.