CVE-2010-4338

ocrodjvu 0.4.6-1 - Arbitrary File Modification via Symlink Attack on Temporary Files

Title source: llm
STIX 2.1

Description

ocrodjvu 0.4.6-1 on Debian GNU/Linux allows local users to modify arbitrary files via a symlink attack on temporary files that are generated when Cuneiform is invoked as the OCR engine.

References (3)

Core 3
Core References
Issue Tracking x_refsource_confirm
http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=598134
Third Party Advisory, VDB Entry vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/45234
Third Party Advisory, VDB Entry vdb-entry x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/64892

Scores

EPSS 0.0031
EPSS Percentile 23.0%

Details

CWE
CWE-59
Status published
Products (2)
jwilk/ocrodjvu 0.4.6-1
pypi/ocrodjvu 0.4.6-1 - 0.4.6-2PyPI
Published Jan 20, 2011
Tracked Since Feb 18, 2026