PT-2011-1507 · None · Cuneiform+1
Jakub Wilk · Published 2011-01-20 · Updated 2022-05-17 · CVE-2010-4338
CVSS v2.0: 6.2 (Medium)
Vector: AV:L/AC:H/Au:N/C:C/I:C/A:C
Name of the Vulnerable Software and Affected Versions
ocrodjvu version 0.4.6-1
Description
The issue allows local users to modify arbitrary files via a symlink attack on temporary files generated when Cuneiform is invoked as the OCR engine.
Recommendations
For ocrodjvu version 0.4.6-1, consider restricting access to temporary files generated by the Cuneiform OCR engine to prevent symlink attacks until a patch is available.
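One way to apply the recommendation above, as an added example (not ocrodjvu's or Cuneiform's code): keep the OCR engine's intermediate files in a per-run directory that only the invoking user can enter, and create and read files there without following links. The helper names are hypothetical and POSIX semantics are assumed.

```python
import os
import shutil
import stat
import tempfile
from contextlib import contextmanager

# Hypothetical helpers for illustration; not taken from ocrodjvu or Cuneiform.
NOFOLLOW = getattr(os, "O_NOFOLLOW", 0)


@contextmanager
def private_workdir(prefix="ocr-"):
    """Yield a fresh directory that only the current user can enter (mode 0700).

    mkdtemp() picks an unpredictable name and creates the directory atomically,
    so another local user can neither guess the path nor plant links inside it.
    """
    path = tempfile.mkdtemp(prefix=prefix)
    try:
        yield path
    finally:
        # rmtree() removes links themselves and never descends through them.
        shutil.rmtree(path)


def create_exclusive(path, data):
    """Create `path` and write `data`, failing if anything already exists there.

    O_CREAT | O_EXCL makes open() fail on any existing name, including a
    symlink (dangling or not), instead of following it.
    """
    fd = os.open(path, os.O_WRONLY | os.O_CREAT | os.O_EXCL | NOFOLLOW, 0o600)
    with os.fdopen(fd, "wb") as handle:
        handle.write(data)


def read_regular_file(path):
    """Read an engine output file, refusing symlinks and non-regular files."""
    fd = os.open(path, os.O_RDONLY | NOFOLLOW)
    with os.fdopen(fd, "rb") as handle:
        if not stat.S_ISREG(os.fstat(handle.fileno()).st_mode):
            raise OSError("not a regular file: %r" % path)
        return handle.read()
```

The engine would be started with its output path (or working directory) inside the directory yielded by `private_workdir()`, so no file it writes ever has a name in a shared location such as `/tmp`.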
Fix
Link Following
Weakness Enumeration
Related Identifiers
Affected Products
Cuneiform
Ocrodjvu