Vulnerability in Gnu A2ps

CVE-2001-1593

The tempname_ensure function in lib/routines.h in a2ps 4.14 and earlier, as used by the spy_user function and possibly other functions, allows local users to modify arbitrary files via a symlink attack on a temporary file.

EPSS: 0.004 (31.3th percentile) — read the EPSS interpretation.

Affected products

Gnu A2ps — versions 4.10.3, 4.10.4, 4.12
N/a — versions n/a

Weakness classification (CWE)

CWE-59 — Improper Link Resolution Before File Access

References

cve@mitre.org (x_refsource_CONFIRM)
cve@mitre.org (x_refsource_CONFIRM)
cve@mitre.org (x_refsource_CONFIRM)
cve@mitre.org (mailing-list, x_refsource_MLIST)
cve@mitre.org (mailing-list, x_refsource_MLIST)
cve@mitre.org (vendor-advisory, x_refsource_DEBIAN)
cve@mitre.org (mailing-list, x_refsource_MLIST)