CVE-2011-0702

The feh_unique_filename function in utils.c in feh before 1.11.2 might allow local users to overwrite arbitrary files via a symlink attack on a /tmp/feh_ temporary file.
Link Following
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
3.3 UNKNOWN
LOCAL
MEDIUM
AV:L/AC:M/Au:N/C:N/I:P/A:P
redhatCNA
---
---
CVEADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 5%
VendorProductVersion
feh_projectfeh
𝑥
≤ 1.11.1
feh_projectfeh
1.3.5
feh_projectfeh
1.4
feh_projectfeh
1.4.1
feh_projectfeh
1.4.2
feh_projectfeh
1.4.3
feh_projectfeh
1.5
feh_projectfeh
1.6
feh_projectfeh
1.6.1
feh_projectfeh
1.7
feh_projectfeh
1.8
feh_projectfeh
1.9
feh_projectfeh
1.10
feh_projectfeh
1.10.1
feh_projectfeh
1.11
𝑥
= Vulnerable software versions
Debian logo
Debian Releases
Debian Product
Codename
feh
bullseye
3.6.3-1
fixed
squeeze
no-dsa
lenny
no-dsa
bookworm
3.9.1-2
fixed
sid
3.10.2-1
fixed
trixie
3.10.2-1
fixed
Ubuntu logo
Ubuntu Releases
Ubuntu Product
Codename
feh
saucy
not-affected
raring
not-affected
quantal
not-affected
precise
not-affected
oneiric
not-affected
natty
ignored
maverick
ignored
lucid
ignored
karmic
ignored
hardy
ignored
dapper
ignored