user/id3lib: CVE-2007-4460: RenderV2ToFile symlink attack
| Bugzilla ID | 161 |
| Alias(es) | CVE-2007-4460 |
| Reporter | Max Rees (sroracle) |
| Assignee | Max Rees (sroracle) |
| Reported | 2019-07-31 10:19:17 -0500 |
| Modified | 2019-08-04 19:26:44 -0500 |
| Status | RESOLVED FIXED |
| Version | 1.0-BETA3 |
| Hardware | Adélie Linux / All |
| Importance | --- / normal |
| URL | https://nvd.nist.gov/vuln/detail/CVE-2007-4460 |
Description
The RenderV2ToFile function in tag_file.cpp in id3lib (aka libid3)
3.8.3 allows local users to overwrite arbitrary files via a symlink
attack on a temporary file whose name is constructed from the name of
a file being tagged.