First published: Thu Jan 20 2011(Updated: )
ocrodjvu 0.4.6-1 on Debian GNU/Linux allows local users to modify arbitrary files via a symlink attack on temporary files that are generated when Cuneiform is invoked as the OCR engine.
Credit: secalert@redhat.com secalert@redhat.com
Affected Software | Affected Version | How to fix |
---|---|---|
pip/ocrodjvu | =0.4.6-1 | 0.4.6-2 |
jwilk ocrodjvu | =0.4.6-1 | |
Debian GNU/Linux | ||
All of | ||
jwilk ocrodjvu | =0.4.6-1 | |
Debian GNU/Linux |
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
CVE-2010-4338 is considered to have moderate severity due to its potential for local privilege escalation.
To fix CVE-2010-4338, upgrade to ocrodjvu version 0.4.6-2 or later.
CVE-2010-4338 is vulnerable to a symlink attack that allows local users to modify arbitrary files.
CVE-2010-4338 affects ocrodjvu version 0.4.6-1.
CVE-2010-4338 cannot be exploited remotely as it requires local user access.