FreshPorts - VuXML

This page displays vulnerability information about FreeBSD Ports.

The VUXML data was last processed by FreshPorts on 2024-03-27 18:04:16 UTC

List all Vulnerabilities, by package

List all Vulnerabilities, by date

k68

These are the vulnerabilities relating to the commit you have selected:

VuXML IDDescription
15ec9123-7061-11dc-b372-001921ab2fa4id3lib -- insecure temporary file creation

Debian Bug report log reports:

When tagging file $foo, a temporary copy of the file is created, and for some reason, libid3 doesn't use mkstemp but just creates $foo.XXXXXX literally, without any checking.

This would silently truncate and overwrite an existing $foo.XXXXXX.


Discovery 2007-08-20
Entry 2007-10-01
Modified 2007-10-01
id3lib
< 3.8.3_4

25372
CVE-2007-4460