CVE-2009-1962
xfig - Arbitrary File Read and Write via Symlink Attack on Temporary Files
Title source: llmDescription
Xfig, possibly 3.2.5, allows local users to read and write arbitrary files via a symlink attack on the (1) xfig-eps[PID], (2) xfig-pic[PID].pix, (3) xfig-pic[PID].err, (4) xfig-pcx[PID].pix, (5) xfig-xfigrc[PID], (6) xfig[PID], (7) xfig-print[PID], (8) xfig-export[PID].err, (9) xfig-batch[PID], (10) xfig-exp[PID], or (11) xfig-spell.[PID] temporary files, where [PID] is a process ID.
References (5)
Core 5
Core References
Third Party Advisory, VDB Entry vdb-entry
x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/49600
Vendor Advisory vendor-advisory
x_refsource_mandriva
http://www.mandriva.com/security/advisories?name=MDVSA-2009:244
Mailing List mailing-list
x_refsource_mlist
http://www.openwall.com/lists/oss-security/2009/04/01/6
Third Party Advisory third-party-advisory
x_refsource_secunia
http://secunia.com/advisories/35320
Third Party Advisory, VDB Entry vdb-entry
x_refsource_bid
http://www.securityfocus.com/bid/34328
Scores
EPSS
0.0033
EPSS Percentile
24.8%
Details
CWE
CWE-59
Status
published
Products (3)
debian/debian_linux
4.0 (12 CPE variants)
debian/debian_linux
5.0 (13 CPE variants)
xfig/xfig
3.2.5
Published
Jun 08, 2009
Tracked Since
Feb 18, 2026