CVE-2007-4460

Name of the Vulnerable Software and Affected Versions id3lib versions prior to 3.8.3-r6 libid3-3.8.3-dev (affected versions not specified) libid3-3.8.3 (affected versions not specified)

Description The issue allows local users to exploit the vulnerability, potentially leading to a breach of confidentiality, integrity, and availability of protected information. The exploitation can be carried out locally. Specifically, the RenderV2ToFile function in tag file.cpp is vulnerable to a symlink attack on a temporary file, allowing local users to overwrite arbitrary files.

Recommendations For id3lib versions prior to 3.8.3-r6, update to version 3.8.3-r6 or later to resolve the issue. For libid3-3.8.3-dev, at the moment, there is no information about a newer version that contains a fix for this vulnerability. For libid3-3.8.3, at the moment, there is no information about a newer version that contains a fix for this vulnerability.