CVE-2010-3996

Name of the Vulnerable Software and Affected Versions Centre for Speech Technology Research (CSTR) Festival versions 2.0.95-beta and earlier

Description The issue allows local users to gain privileges via a Trojan horse shared library in the current working directory. This is due to the festival server placing a zero-length directory name in the LD LIBRARY PATH.

Recommendations For versions 2.0.95-beta and earlier, consider restricting access to the festival server until a patch is available. As a temporary workaround, avoid using the festival server with untrusted input to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this issue.