Pulseaudio: >> Pulseaudio >> 0.9.10 Security Vulnerabilities
The pa_make_secure_dir function in core-util.c in PulseAudio 0.9.10 and 0.9.19 allows local users to change the ownership and permissions of arbitrary files via a symlink attack on a /tmp/.esd-##### temporary file.
CVSS Score
6.9
EPSS Score
0.0
Published
2010-03-18
Race condition in PulseAudio 0.9.9, 0.9.10, and 0.9.14 allows local users to gain privileges via vectors involving creation of a hard link, related to the application setting LD_BIND_NOW to 1, and then calling execv on the target of the /proc/self/exe symlink.
CVSS Score
7.2
EPSS Score
0.001
Published
2009-07-17