4.6

CVE-2008-4639

jhead.c in Matthias Wandel jhead 2.84 and earlier allows local users to overwrite arbitrary files via a symlink attack on a temporary file.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
SentexJhead Version <= 2.84
SentexJhead Version1.2
SentexJhead Version1.3
SentexJhead Version1.4
SentexJhead Version1.5
SentexJhead Version1.6
SentexJhead Version1.7
SentexJhead Version1.8
SentexJhead Version1.9
SentexJhead Version2.0
SentexJhead Version2.1
SentexJhead Version2.2
SentexJhead Version2.3
SentexJhead Version2.4
SentexJhead Version2.4-1
SentexJhead Version2.4-2
SentexJhead Version2.5
SentexJhead Version2.6
SentexJhead Version2.7
SentexJhead Version2.8
SentexJhead Version2.82
Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 0.03% 0.065
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 4.6 3.9 6.4
AV:L/AC:L/Au:N/C:P/I:P/A:P
CWE-59 Improper Link Resolution Before File Access ('Link Following')

The product attempts to access a file based on the filename, but it does not properly prevent that filename from identifying a link or shortcut that resolves to an unintended resource.