CVE-2007-5940 — Link Following in Feynmf

CWE-59 — Link Following4 documents4 sources

Severity

4.6MEDIUMNVD

EPSS

0.0%

top 86.50%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Debian Feynmf Debian Texlive-bin

Timeline

PublishedNov 13

Latest updateMay 1

Description

feynmf.pl in feynmf 1.08, as used in TeXLive 2007, allows local users to overwrite arbitrary files and execute arbitrary code via a symlink attack on the feynmf$$.pl temporary file.

CVSS vector

AV:L/AC:L/C:P/I:P/A:PExploitability: 3.9 | Impact: 6.4

Affected Packages2 packages

▶debiandebian/feynmf< feynmf 1.08-1 (bookworm)

▶debiandebian/texlive-bin< feynmf 1.08-1 (bookworm)

🔴Vulnerability Details

GHSA

GHSA-rghg-gw3p-2f8w: feynmf↗2022-05-01

▶

OSV

CVE-2007-5940: feynmf↗2007-11-13

▶

📋Vendor Advisories

Debian

CVE-2007-5940: feynmf - feynmf.pl in feynmf 1.08, as used in TeXLive 2007, allows local users to overwri...↗2007

▶