{"id":"GHSA-5pjj-7m4p-wfh2","summary":"ocrodjvu is vulnerable to Arbitrary File Modification via symlink attack","details":"ocrodjvu 0.4.6-1 on Debian GNU/Linux allows local users to modify arbitrary files via a symlink attack on temporary files that are generated when Cuneiform is invoked as the OCR engine.","aliases":["CVE-2010-4338"],"modified":"2024-02-07T22:56:48.316144Z","published":"2022-05-17T02:04:28Z","database_specific":{"github_reviewed_at":"2024-02-07T22:40:09Z","github_reviewed":true,"nvd_published_at":"2011-01-20T19:00:00Z","cwe_ids":["CWE-59"],"severity":"MODERATE"},"references":[{"type":"ADVISORY","url":"https://nvd.nist.gov/vuln/detail/CVE-2010-4338"},{"type":"WEB","url":"https://exchange.xforce.ibmcloud.com/vulnerabilities/64892"},{"type":"PACKAGE","url":"https://github.com/jwilk-archive/ocrodjvu"},{"type":"WEB","url":"https://web.archive.org/web/20200229160520/http://www.securityfocus.com/bid/45234"},{"type":"WEB","url":"http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=598134"}],"affected":[{"package":{"name":"ocrodjvu","ecosystem":"PyPI","purl":"pkg:pypi/ocrodjvu"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0.4.6-1"},{"fixed":"0.4.6-2"}]}],"versions":["0.4.6-1"],"database_specific":{"source":"https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/05/GHSA-5pjj-7m4p-wfh2/GHSA-5pjj-7m4p-wfh2.json"}}],"schema_version":"1.7.3"}