CVE-2008-4639
jhead < 2.84 - Arbitrary File Overwrite via Symlink Attack on Temporary File
Title source: llmDescription
jhead.c in Matthias Wandel jhead 2.84 and earlier allows local users to overwrite arbitrary files via a symlink attack on a temporary file.
References (5)
Core 5
Core References
Issue Tracking x_refsource_confirm
https://bugs.launchpad.net/ubuntu/+source/jhead/+bug/271020
Mailing List mailing-list
x_refsource_mlist
http://www.openwall.com/lists/oss-security/2008/10/15/5
Mailing List mailing-list
x_refsource_mlist
http://www.openwall.com/lists/oss-security/2009/02/06/5
Mailing List mailing-list
x_refsource_mlist
http://www.openwall.com/lists/oss-security/2008/10/16/3
Mailing List mailing-list
x_refsource_mlist
http://www.openwall.com/lists/oss-security/2008/10/15/6
Scores
EPSS
0.0032
EPSS Percentile
23.8%
Details
CWE
CWE-59
Status
published
Products (21)
sentex/jhead
1.2
sentex/jhead
1.3
sentex/jhead
1.4
sentex/jhead
1.5
sentex/jhead
1.6
sentex/jhead
1.7
sentex/jhead
1.8
sentex/jhead
1.9
sentex/jhead
2.0
sentex/jhead
2.1
... and 11 more
Published
Oct 21, 2008
Tracked Since
Feb 18, 2026