CVE-2011-1136: Link Following in Tesseract

CWE-59: Link Following (4 documents, 4 sources)
Severity: 4.7 MEDIUM (NVD)
EPSS: 0.3% (top 50.96%)
CISA KEV: Not in KEV
Exploit: No known exploits
Timeline: Published Nov 14; latest update Apr 22

Description

In tesseract 2.03 and 2.04, an attacker can rewrite an arbitrary user file by guessing the PID and creating a link to the user's file.

CVSS vector

CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:H/A:N
Exploitability: 1.0 | Impact: 3.6

Affected Packages (3 packages)

debian: debian/tesseract < tesseract 2.04-2.1 (bookworm)
Debian: tesseract_project/tesseract < 2.04-2.1 +3
NVD: tesseract_project/tesseract 2.03, 2.04 +1

Also affects: Debian Linux 10.0, 8.0, 9.0

Patches

🔴Vulnerability Details

2
GHSA
GHSA-mr6c-m5m7-mvxj: In tesseract 2 (2022-04-22)
OSV
CVE-2011-1136: In tesseract 2 (2019-11-14)

📋Vendor Advisories

1
Debian
CVE-2011-1136: tesseract - In tesseract 2.03 and 2.04, an attacker can rewrite an arbitrary user file by gu... (2011)