CVE-2011-0702

The feh_unique_filename function in utils.c in feh before 1.11.2 might allow local users to overwrite arbitrary files via a symlink attack on a /tmp/feh_ temporary file.
Link Following
Severity
UNKNOWN
AV:L/AC:M/Au:N/C:N/I:P/A:P
Atk. Vector
LOCAL
Atk. Complexity
MEDIUM
Base Score
CVSS 3.x
EPSS Score
Percentile: Unknown
VendorProductVersion
feh_projectfeh
𝑥
≤ 1.11.1
feh_projectfeh
1.3.5
feh_projectfeh
1.4
feh_projectfeh
1.4.1
feh_projectfeh
1.4.2
feh_projectfeh
1.4.3
feh_projectfeh
1.5
feh_projectfeh
1.6
feh_projectfeh
1.6.1
feh_projectfeh
1.7
feh_projectfeh
1.8
feh_projectfeh
1.9
feh_projectfeh
1.10
feh_projectfeh
1.10.1
feh_projectfeh
1.11
𝑥
= Vulnerable software versions
Debian logo
Debian Releases
Debian Product
Codename
feh
bullseye
3.6.3-1
fixed
squeeze
no-dsa
lenny
no-dsa
bookworm
3.9.1-2
fixed
sid
3.10.2-1
fixed
trixie
3.10.2-1
fixed