CVE-2010-4338

Improper Link Resolution Before File Access ('Link Following') in pypi/ocrodjvu

Identifiers

GHSA-5pjj-7m4p-wfh2, CVE-2010-4338

Package Slug

pypi/ocrodjvu

Vulnerability

Improper Link Resolution Before File Access ('Link Following')

Description

ocrodjvu 0.4.6-1 on Debian GNU/Linux allows local users to modify arbitrary files via a symlink attack on temporary files that are generated when Cuneiform is invoked as the OCR engine.

Affected Versions

Version 0.4.6-1

Solution

Upgrade to version 0.4.6-2 or above.

Last Modified

2024-02-09
