CVE Vulnerabilities

CVE-2010-3364

Published: Oct 20, 2010 | Modified: Nov 21, 2024
CVSS 3.x
N/A
Source:
NVD
CVSS 2.x
6.9 MEDIUM
AV:L/AC:M/Au:N/C:C/I:C/A:C
RedHat/V2
RedHat/V3
Ubuntu
LOW

The vips-7.22 script in VIPS 7.22.2 places a zero-length directory name in the LD_LIBRARY_PATH, which allows local users to gain privileges via a Trojan horse shared library in the current working directory.

Affected Software

Name Vendor Start Version End Version
Vips Vips 7.22.2 (including) 7.22.2 (including)
Vips Ubuntu dapper *
Vips Ubuntu hardy *
Vips Ubuntu jaunty *
Vips Ubuntu karmic *
Vips Ubuntu maverick *
Vips Ubuntu upstream *

References