tag.py in eyeD3 (aka python-eyed3) 7.0.3, 0.6.18, and earlier for Python allows local users to modify arbitrary files via a symlink attack on a temporary file.

The product attempts to access a file based on the filename, but it does not properly prevent that filename from identifying a link or shortcut that resolves to an unintended resource.

Name | Vendor | Start Version | End Version |
---|---|---|---|
Eyed3 | Travis_shirk | 0.6.0 | 0.6.0 |
Eyed3 | Travis_shirk | 0.6.6 | 0.6.6 |
Eyed3 | Travis_shirk | 0.6.13 | 0.6.13 |
Eyed3 | Travis_shirk | 0.6.16 | 0.6.16 |
Eyed3 | Travis_shirk | 0.6.5 | 0.6.5 |
Eyed3 | Travis_shirk | 0.4.0 | 0.4.0 |
Opensuse | Opensuse | 12.3 | 12.3 |
Eyed3 | Travis_shirk | 0.7.3 | 0.7.3 |
Eyed3 | Travis_shirk | 0.5.1 | 0.5.1 |
Eyed3 | Travis_shirk | 0.6.14 | 0.6.14 |
Eyed3 | Travis_shirk | 0.5.0 | 0.5.0 |
Eyed3 | Travis_shirk | 0.6.9 | 0.6.9 |
Eyed3 | Travis_shirk | 0.6.1 | 0.6.1 |
Eyed3 | Travis_shirk | 0.6.10 | 0.6.10 |
Eyed3 | Travis_shirk | 0.3.1 | 0.3.1 |
Eyed3 | Travis_shirk | 0.6.17 | 0.6.17 |
Eyed3 | Travis_shirk | * | 0.6.18 |
Eyed3 | Travis_shirk | 0.6.11 | 0.6.11 |
Eyed3 | Travis_shirk | 0.6.4 | 0.6.4 |
Eyed3 | Travis_shirk | 0.2.0 | 0.2.0 |
Eyed3 | Travis_shirk | 0.6.3 | 0.6.3 |
Eyed3 | Travis_shirk | 0.6.2 | 0.6.2 |
Eyed3 | Travis_shirk | 0.1.0 | 0.1.0 |
Eyed3 | Travis_shirk | 0.6.8 | 0.6.8 |
Eyed3 | Travis_shirk | 0.3.0 | 0.3.0 |
Eyed3 | Travis_shirk | 0.6.15 | 0.6.15 |
Eyed3 | Travis_shirk | 0.6.12 | 0.6.12 |
Opensuse | Opensuse | 13.1 | 13.1 |