Vulnerability Details CVE-2012-2120
latex2man in texlive-extra-utils 2011.20120322, and possibly other versions or packages, when used with the H or T option, allows local users to overwrite arbitrary files via a symlink attack on a temporary file.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.001
EPSS Ranking 17.5%
CVSS Severity
CVSS v2 Score 3.3
References
- http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=668779
- http://www.openwall.com/lists/oss-security/2012/04/19/12
- http://www.openwall.com/lists/oss-security/2012/04/19/15
- http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=668779
- http://www.openwall.com/lists/oss-security/2012/04/19/12
- http://www.openwall.com/lists/oss-security/2012/04/19/15
Products affected by CVE-2012-2120
-
cpe:2.3:a:debian:texlive-extra-utils:2011.20120322