CVE-2013-5648

libdigidoc <3.7.2 - Path Traversal

Title source: llm
STIX 2.1

Description

Absolute path traversal vulnerability in the handleStartDataFile function in DigiDocSAXParser.c in libdigidoc 3.6.0.0, as used in ID-software before 3.7.2 and other products, allows remote attackers to overwrite arbitrary files via a filename beginning with / (slash) or \ (backslash) in a DDOC file.

Scores

EPSS 0.0205
EPSS Percentile 78.9%

Details

CWE
CWE-22
Status published
Products (3)
id/id-software 3.7
id/id-software 3.7.1
id/libdigidoc 3.6.0.0
Published Aug 29, 2013
Tracked Since Feb 18, 2026