CVE-2007-5940
published 2007-11-13CVE-2007-5940: feynmf.pl in feynmf 1.08, as used in TeXLive 2007, allows local users to overwrite arbitrary files and execute arbitrary code via a symlink attack on the…
PriorityP414medium4.6CVSS 2.0
AVLACLAuNCPIPAP
EPSS
0.40%
32.2th percentile
feynmf.pl in feynmf 1.08, as used in TeXLive 2007, allows local users to overwrite arbitrary files and execute arbitrary code via a symlink attack on the feynmf$$.pl temporary file.
Affected
2 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| debian | feynmf | < feynmf 1.08-1 (bookworm) | feynmf 1.08-1 (bookworm) |
| debian | texlive-bin | < feynmf 1.08-1 (bookworm) | feynmf 1.08-1 (bookworm) |
CVSS provenance
nvdv2.04.6MEDIUMAV:L/AC:L/Au:N/C:P/I:P/A:P
osv4.6MEDIUM
vendor_debian4.6MEDIUM
Stop checking back — get the weekly exploitation signal.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
Debian
CVE-2007-5940: feynmf - feynmf.pl in feynmf 1.08, as used in TeXLive 2007, allows local users to overwri...
vendor_debian·2007·CVSS 4.6
CVE-2007-5940 [MEDIUM] CVE-2007-5940: feynmf - feynmf.pl in feynmf 1.08, as used in TeXLive 2007, allows local users to overwri...
feynmf.pl in feynmf 1.08, as used in TeXLive 2007, allows local users to overwrite arbitrary files and execute arbitrary code via a symlink attack on the feynmf$$.pl temporary file.
Scope: local
bookworm: resolved (fixed in 1.08-1)
bullseye: resolved (fixed in 1.08-1)
forky: resolved (fixed in 1.08-1)
sid: resolved (fixed in 1.08-1)
trixie: resolved (fixed in 1.08-1)
GHSA
GHSA-rghg-gw3p-2f8w: feynmf
ghsa_unreviewed·2022-05-01
CVE-2007-5940 [MEDIUM] CWE-59 GHSA-rghg-gw3p-2f8w: feynmf
feynmf.pl in feynmf 1.08, as used in TeXLive 2007, allows local users to overwrite arbitrary files and execute arbitrary code via a symlink attack on the feynmf$$.pl temporary file.
OSV
CVE-2007-5940: feynmf
osv·2007-11-13·CVSS 4.6
CVE-2007-5940 [MEDIUM] CVE-2007-5940: feynmf
feynmf.pl in feynmf 1.08, as used in TeXLive 2007, allows local users to overwrite arbitrary files and execute arbitrary code via a symlink attack on the feynmf$$.pl temporary file.
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.
http://bugs.gentoo.org/show_bug.cgi?id=198231http://osvdb.org/42397http://secunia.com/advisories/27737http://secunia.com/advisories/27739http://security.gentoo.org/glsa/glsa-200711-32.xmlhttp://www.securityfocus.com/bid/26507http://www.vupen.com/english/advisories/2007/3974http://bugs.gentoo.org/show_bug.cgi?id=198231http://osvdb.org/42397http://secunia.com/advisories/27737http://secunia.com/advisories/27739http://security.gentoo.org/glsa/glsa-200711-32.xmlhttp://www.securityfocus.com/bid/26507http://www.vupen.com/english/advisories/2007/3974
2007-11-13
Published