Vulnerability in Jwilk Ocrodjvu

CVE-2010-4338

ocrodjvu 0.4.6-1 on Debian GNU/Linux allows local users to modify arbitrary files via a symlink attack on temporary files that are generated when Cuneiform is invoked as the OCR engine.

EPSS: 0.000 (7.8th percentile) — read the EPSS interpretation.

Affected products

Jwilk Ocrodjvu — versions 0.4.6-1
Debian Linux
N/a — versions n/a

Weakness classification (CWE)

CWE-59 — Improper Link Resolution Before File Access

References

secalert@redhat.com (x_refsource_CONFIRM)
45234 (vdb-entry, x_refsource_BID)
ocrodjvu-cuneiform-symlink(64892) (vdb-entry, x_refsource_XF)