CVE-2012-3355

(1) AlbumTab.py, (2) ArtistTab.py, (3) LinksTab.py, and (4) LyricsTab.py in the Context module in GNOME Rhythmbox 0.13.3 and earlier allows local users to execute arbitrary code via a symlink attack on a temporary HTML template file in the /tmp/context directory.
Code Injection
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
3.6 UNKNOWN
LOCAL
LOW
AV:L/AC:L/Au:N/C:N/I:P/A:P
Base Score
CVSS 3.x
EPSS Score
Percentile: 25%
Affected Products (NVD)
VendorProductVersion
gnomerhythmbox
𝑥
≤ 0.13.3
gnomerhythmbox
0.5.0
gnomerhythmbox
0.5.1
gnomerhythmbox
0.5.2
gnomerhythmbox
0.5.3
gnomerhythmbox
0.5.4
gnomerhythmbox
0.5.88
gnomerhythmbox
0.6.0
gnomerhythmbox
0.6.1
gnomerhythmbox
0.6.2
gnomerhythmbox
0.6.3
gnomerhythmbox
0.6.4
gnomerhythmbox
0.6.5
gnomerhythmbox
0.6.6
gnomerhythmbox
0.6.7
gnomerhythmbox
0.6.8
gnomerhythmbox
0.7.0
gnomerhythmbox
0.7.1
gnomerhythmbox
0.7.2
gnomerhythmbox
0.8.0
gnomerhythmbox
0.8.1
gnomerhythmbox
0.8.2
gnomerhythmbox
0.8.3
gnomerhythmbox
0.8.4
gnomerhythmbox
0.8.5
gnomerhythmbox
0.8.6
gnomerhythmbox
0.8.7
gnomerhythmbox
0.8.8
gnomerhythmbox
0.9.0
gnomerhythmbox
0.9.1
gnomerhythmbox
0.9.2
gnomerhythmbox
0.9.3
gnomerhythmbox
0.9.3.1
gnomerhythmbox
0.9.4
gnomerhythmbox
0.9.4.1
gnomerhythmbox
0.9.5
gnomerhythmbox
0.9.6
gnomerhythmbox
0.9.6.90
gnomerhythmbox
0.9.7
gnomerhythmbox
0.9.8
gnomerhythmbox
0.10.0
gnomerhythmbox
0.10.0.90
gnomerhythmbox
0.10.1
gnomerhythmbox
0.11.0
gnomerhythmbox
0.11.1
gnomerhythmbox
0.11.2
gnomerhythmbox
0.11.3
gnomerhythmbox
0.11.4
gnomerhythmbox
0.11.5
gnomerhythmbox
0.11.6
gnomerhythmbox
0.12.0
gnomerhythmbox
0.12.1
gnomerhythmbox
0.12.2
gnomerhythmbox
0.12.3
gnomerhythmbox
0.12.4
gnomerhythmbox
0.12.5
gnomerhythmbox
0.12.6
gnomerhythmbox
0.12.7
gnomerhythmbox
0.12.8
gnomerhythmbox
0.13.0
gnomerhythmbox
0.13.1
gnomerhythmbox
0.13.2
𝑥
= Vulnerable software versions
Debian logo
Debian Releases
Debian Product
Codename
rhythmbox
bookworm
3.4.6-2
fixed
bullseye
3.4.4-4
fixed
sid
3.4.7-2
fixed
squeeze
no-dsa
trixie
3.4.7-2
fixed
Ubuntu logo
Ubuntu Releases
Ubuntu Product
Codename
rhythmbox
hardy
not-affected
lucid
not-affected
natty
not-affected
oneiric
Fixed 2.90.1~20110908-0ubuntu1.4
released
precise
Fixed 2.96-0ubuntu4.1
released
openSUSE logo
openSUSE / SLES Releases
openSUSE Product
Release
rhythmbox
suse enterprise desktop 12
3.0.2-1.92
fixed
suse enterprise desktop 12 SP1
3.0.2-1.92
fixed
suse enterprise desktop 12 SP2
3.4-6.14
fixed
suse enterprise desktop 12 SP3
3.4-6.14
fixed
suse enterprise desktop 12 SP4
3.4-6.14
fixed
suse enterprise sap 12
3.0.2-1.92
fixed
suse enterprise sap 12 SP1
3.0.2-1.92
fixed
suse enterprise sap 12 SP2
3.4-6.14
fixed
suse enterprise sap 12 SP3
3.4-6.14
fixed
suse enterprise sap 12 SP4
3.4-6.14
fixed
suse enterprise sap 12 SP5
3.4-6.14
fixed
suse enterprise server 12
3.0.2-1.92
fixed
suse enterprise server 12 SP1
3.0.2-1.92
fixed
suse enterprise server 12 SP2
3.4-6.14
fixed
suse enterprise server 12 SP3
3.4-6.14
fixed
suse enterprise server 12 SP4
3.4-6.14
fixed
suse enterprise server 12 SP5
3.4-6.14
fixed
suse enterprise workstation 12
3.0.2-1.92
fixed
suse enterprise workstation 12 SP1
3.0.2-1.92
fixed
suse enterprise workstation 12 SP2
3.4-6.14
fixed
suse enterprise workstation 12 SP3
3.4-6.14
fixed
suse enterprise workstation 12 SP4
3.4-6.14
fixed
suse enterprise workstation 12 SP5
3.4-6.14
fixed
rhythmbox-lang
suse enterprise desktop 12
3.0.2-1.92
fixed
suse enterprise desktop 12 SP1
3.0.2-1.92
fixed
suse enterprise desktop 12 SP2
3.4-6.14
fixed
suse enterprise desktop 12 SP3
3.4-6.14
fixed
suse enterprise desktop 12 SP4
3.4-6.14
fixed
suse enterprise sap 12
3.0.2-1.92
fixed
suse enterprise sap 12 SP1
3.0.2-1.92
fixed
suse enterprise sap 12 SP2
3.4-6.14
fixed
suse enterprise sap 12 SP3
3.4-6.14
fixed
suse enterprise sap 12 SP4
3.4-6.14
fixed
suse enterprise sap 12 SP5
3.4-6.14
fixed
suse enterprise server 12
3.0.2-1.92
fixed
suse enterprise server 12 SP1
3.0.2-1.92
fixed
suse enterprise server 12 SP2
3.4-6.14
fixed
suse enterprise server 12 SP3
3.4-6.14
fixed
suse enterprise server 12 SP4
3.4-6.14
fixed
suse enterprise server 12 SP5
3.4-6.14
fixed
suse enterprise workstation 12
3.0.2-1.92
fixed
suse enterprise workstation 12 SP1
3.0.2-1.92
fixed
suse enterprise workstation 12 SP2
3.4-6.14
fixed
suse enterprise workstation 12 SP3
3.4-6.14
fixed
suse enterprise workstation 12 SP4
3.4-6.14
fixed
suse enterprise workstation 12 SP5
3.4-6.14
fixed
Common Weakness Enumeration
References
http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=616673
http://people.canonical.com/~ubuntu-security/cve/2012/CVE-2012-3355.html
http://www.openwall.com/lists/oss-security/2012/06/25/5
http://www.openwall.com/lists/oss-security/2012/06/25/7
http://www.securityfocus.com/bid/54186
http://www.ubuntu.com/usn/USN-1503-1
https://bugzilla.gnome.org/show_bug.cgi?id=678661
https://bugzilla.redhat.com/show_bug.cgi?id=835076
https://exchange.xforce.ibmcloud.com/vulnerabilities/76538
https://hermes.opensuse.org/messages/15351848
http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=616673
http://people.canonical.com/~ubuntu-security/cve/2012/CVE-2012-3355.html
http://www.openwall.com/lists/oss-security/2012/06/25/5
http://www.openwall.com/lists/oss-security/2012/06/25/7
http://www.securityfocus.com/bid/54186
http://www.ubuntu.com/usn/USN-1503-1
https://bugzilla.gnome.org/show_bug.cgi?id=678661
https://bugzilla.redhat.com/show_bug.cgi?id=835076
https://exchange.xforce.ibmcloud.com/vulnerabilities/76538
https://hermes.opensuse.org/messages/15351848