jhead.c in Matthias Wandel jhead 2.84 and earlier allows local users to overwrite arbitrary files via a symlink attack on a temporary file.
The software attempts to access a file based on the filename, but it does not properly prevent that filename from identifying a link or shortcut that resolves to an unintended resource.
| Name | Vendor | Start Version | End Version |
|---|---|---|---|
| Jhead | Sentex | 1.2 | 1.2 |
| Jhead | Sentex | 1.3 | 1.3 |
| Jhead | Sentex | 1.4 | 1.4 |
| Jhead | Sentex | 1.5 | 1.5 |
| Jhead | Sentex | 1.6 | 1.6 |
| Jhead | Sentex | 1.7 | 1.7 |
| Jhead | Sentex | 1.8 | 1.8 |
| Jhead | Sentex | 1.9 | 1.9 |
| Jhead | Sentex | 2.0 | 2.0 |
| Jhead | Sentex | 2.1 | 2.1 |
| Jhead | Sentex | 2.2 | 2.2 |
| Jhead | Sentex | 2.3 | 2.3 |
| Jhead | Sentex | 2.4 | 2.4 |
| Jhead | Sentex | 2.4-1 | 2.4-1 |
| Jhead | Sentex | 2.4-2 | 2.4-2 |
| Jhead | Sentex | 2.5 | 2.5 |
| Jhead | Sentex | 2.6 | 2.6 |
| Jhead | Sentex | 2.7 | 2.7 |
| Jhead | Sentex | 2.8 | 2.8 |
| Jhead | Sentex | 2.82 | 2.82 |
| Jhead | Sentex | * | 2.84 |
| Jhead | Ubuntu | dapper | * |
| Jhead | Ubuntu | gutsy | * |
| Jhead | Ubuntu | hardy | * |
| Jhead | Ubuntu | upstream | * |