Lucene search
GoogleOSV:GHSA-RR52-WG7F-8875HistoryMay 14, 2022 - 2:09 a.m.
Improper Link Resolution Before File Access in logilab-commons
2022-05-1402:09:22
Google
osv.dev
10
extract_keys
fill_pdf
pdf_ext
symlink attack
arbitrary files
local users
logilab-commons
EPSS
0
Percentile
5.1%
The (1) extract_keys_from_pdf and (2) fill_pdf functions in pdf_ext.py in logilab-common before 0.61.0 allows local users to overwrite arbitrary files and possibly have other unspecified impact via a symlink attack on /tmp/toto.fdf.
References
comments.gmane.org/gmane.comp.security.oss.general/11986
lists.opensuse.org/opensuse-updates/2014-02/msg00085.html
secunia.com/advisories/57209
www.logilab.org/ticket/207561
bugs.debian.org/cgi-bin/bugreport.cgi?bug=737051
github.com/advisories/GHSA-rr52-wg7f-8875
github.com/pypa/advisory-database/tree/main/vulns/logilab-common/PYSEC-2014-83.yaml
nvd.nist.gov/vuln/detail/CVE-2014-1838
Related
prion
prion
Design/Logic Flaw
2014-03-11 19:37:00
github
github
Improper Link Resolution Before File Access in logilab-commons
2022-05-14 02:09:22
cvelist
cvelist
CVE-2014-1838
2014-03-11 15:00:00
ubuntucve
ubuntucve
CVE-2014-1838
2014-03-11 00:00:00
cve
cve
CVE-2014-1838
2014-03-11 19:37:04
debiancve
debiancve
CVE-2014-1838
2014-03-11 19:37:04
nvd
nvd
CVE-2014-1838
2014-03-11 19:37:04
osv
osv
PYSEC-2014-83
2014-03-11 19:37:00
fedora
fedora
[SECURITY] Fedora 20 Update: python-logilab-common-0.61.0-1.fc20
2014-03-19 08:39:49
[SECURITY] Fedora 20 Update: pylint-1.1.0-1.fc20
2014-03-19 08:39:48
[SECURITY] Fedora 20 Update: python-astroid-1.0.1-2.fc20
2014-03-19 08:39:48
nessus
nessus
openvas
openvas
Fedora Update for pylint FEDORA-2014-3300
2014-03-20 00:00:00
Fedora Update for python-astroid FEDORA-2014-3300
2014-03-20 00:00:00
Fedora Update for python-astroid FEDORA-2014-3300
2014-03-20 00:00:00
mageia
mageia
Updated python-logilab-common packages fix security vulnerabilities
2014-03-04 01:37:46