CVE-2008-4639: Link Following in Jhead

Severity: 4.6 MEDIUM (NVD)
EPSS: 0.0% (top 90.01%)
CISA KEV: Not in KEV
Exploit: No known exploits
Timeline:
Published: Oct 21
Latest update: May 17

Description

jhead.c in Matthias Wandel jhead 2.84 and earlier allows local users to overwrite arbitrary files via a symlink attack on a temporary file.

CVSS vector

AV:L/AC:L/C:P/I:P/A:P
Exploitability: 3.9 | Impact: 6.4

Affected Packages (3 packages)

debian: debian/jhead < jhead 2.84-1 (bookworm)
Debian: jhead_project/jhead < 2.84-1+3
NVD: sentex/jhead 2.84+20

🔴 Vulnerability Details (2)

GHSA: GHSA-fx78-2g59-7rrf: jhead (2022-05-17)
OSV: CVE-2008-4639: jhead (2008-10-21)

📋 Vendor Advisories (2)

Red Hat: jhead: insecure temporary file usage (2008-10-15)
Debian: CVE-2008-4639: jhead - jhead.c in Matthias Wandel jhead 2.84 and earlier allows local users to overwrit... (2008)

💬 Community (1)

Bugzilla: CVE-2008-4639 jhead: insecure temporary file usage (2008-10-22)