CVE-2014-4978

The rs_filter_graph function in librawstudio/rs-filter.c in rawstudio might allow local users to truncate arbitrary files via a symlink attack on (1) /tmp/rs-filter-graph.png or (2) /tmp/rs-filter-graph.
Link Following
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
5.5 MEDIUM
LOCAL
LOW
LOW
CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N
mitreCNA
---
---
CVEADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 14%
VendorProductVersion
rawstudiorawstudio
2.0-1.1
𝑥
= Vulnerable software versions
Ubuntu logo
Ubuntu Releases
Ubuntu Product
Codename
rawstudio
disco
dne
cosmic
dne
bionic
dne
artful
dne
zesty
dne
yakkety
dne
xenial
dne
wily
dne
vivid
dne
utopic
dne
trusty
dne
precise
ignored
lucid
ignored
Common Weakness Enumeration
References
http://lists.fedoraproject.org/pipermail/package-announce/2015-July/162109.html
http://www.openwall.com/lists/oss-security/2014/07/16/15
http://www.securityfocus.com/bid/68671
https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=754899
https://bugzilla.redhat.com/show_bug.cgi?id=1120093
https://exchange.xforce.ibmcloud.com/vulnerabilities/94633
https://github.com/rawstudio/rawstudio/commit/9c2cd3c93c05d009a91d84eedbb85873b0cb505d
http://lists.fedoraproject.org/pipermail/package-announce/2015-July/162109.html
http://www.openwall.com/lists/oss-security/2014/07/16/15
http://www.securityfocus.com/bid/68671
https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=754899
https://bugzilla.redhat.com/show_bug.cgi?id=1120093
https://exchange.xforce.ibmcloud.com/vulnerabilities/94633
https://github.com/rawstudio/rawstudio/commit/9c2cd3c93c05d009a91d84eedbb85873b0cb505d