CVE-2011-1136

MEDIUM

tesseract 2.03-2.04 - Arbitrary File Write via PID Link Guessing

Title source: llm
STIX 2.1

Description

In tesseract 2.03 and 2.04, an attacker can rewrite an arbitrary user file by guessing the PID and creating a link to the user's file.

References (3)

Core 3
Core References
Third Party Advisory x_refsource_misc
https://security-tracker.debian.org/tracker/CVE-2011-1136
Exploit, Mailing List, Patch, Third Party Advisory x_refsource_misc
https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=612032
Exploit, Issue Tracking, Third Party Advisory x_refsource_misc
https://bugs.launchpad.net/ubuntu/+source/tesseract/+bug/607297

Scores

CVSS v3 4.7
EPSS 0.0045
EPSS Percentile 35.7%
Attack Vector LOCAL
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:H/A:N

Details

CWE
CWE-59
Status published
Products (5)
debian/debian_linux 8.0
debian/debian_linux 9.0
debian/debian_linux 10.0
tesseract_project/tesseract 2.03
tesseract_project/tesseract 2.04
Published Nov 14, 2019
Tracked Since Feb 18, 2026