id3lib
Page content
- Author: voroskoi
- Vulnerable: 3.8.3-3
- Unaffected: 3.8.3-4terminus1
Nikolaus Schulz has reported a security issue in id3lib, which can be exploited by malicious, local users to gain escalated privileges. The security issue is caused due to the “RenderV2ToFile()” function in src/tag_file.cpp handling temporary files in an insecure manner. This can be exploited to execute arbitrary commands with escalated privileges (usually root user).
- Bug Tracker URL: http://bugs.frugalware.org/task/2372