CVE-2011-2924
MEDIUMfoomatic-filters < 4.0.12 - Symlink Attack via Insecure Temporary File Creation
Title source: llmDescription
foomatic-rip filter v4.0.12 and prior used insecurely creates temporary files for storage of PostScript data by rendering the data when the debug mode was enabled. This flaw may be exploited by a local attacker to conduct symlink attacks by overwriting arbitrary files accessible with the privileges of the user running the foomatic-rip universal print filter.
References (6)
Core 6
Core References
Third Party Advisory x_refsource_misc
https://security-tracker.debian.org/tracker/CVE-2011-2924
Issue Tracking, Third Party Advisory x_refsource_misc
https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2011-2924
Third Party Advisory x_refsource_misc
https://access.redhat.com/security/cve/cve-2011-2924
Mailing List, Third Party Advisory x_refsource_misc
https://www.openwall.com/lists/oss-security/2014/02/08/5/1
Third Party Advisory x_refsource_misc
https://lwn.net/Articles/459979/
Release Notes, Third Party Advisory x_refsource_misc
https://launchpad.net/ubuntu/+source/foomatic-filters/4.0.12-1
Scores
CVSS v3
5.5
EPSS
0.0013
EPSS Percentile
31.3%
Attack Vector
LOCAL
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N
Details
CWE
CWE-59
Status
published
Products (6)
debian/debian_linux
8.0
debian/debian_linux
9.0
debian/debian_linux
10.0
fedoraproject/fedora
14
fedoraproject/fedora
15
linuxfoundation/foomatic-filters
< 4.0.12
Published
Nov 19, 2019
Tracked Since
Feb 18, 2026