Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
N/A
Vulnerability Description
Gummi 0.6.5 allows local users to write to arbitrary files via a symlink attack on a temporary dot file that uses the name of an existing file and a (1) .aux, (2) .log, (3) .out, (4) .pdf, or (5) .toc extension for the file name, as demonstrated by .thesis.tex.aux.
CVSS Information
N/A
Vulnerability Type
N/A
Vulnerability Title
Gummi 本地竞争条件漏洞
Vulnerability Description
Gummi是荷兰软件开发者Alexander van der Meij所研发的一款基于Linux平台且使用C和GTK+技术开发的开源Latex编辑器,它提供实时预览、语法高亮、导出到PDF、纠错/拼写检查和预设模版等功能。 Gummi 0.6.5版本中存在安全漏洞,该漏洞源于程序为/tmp目录下的文件使用可预测的名称(与已存在文件相同的名称且使用.aux、.log、.out、.pdf或.toc扩展名)。本地攻击者可通过对临时文件实施符号链接攻击,利用该漏洞写入任意文件。
CVSS Information
N/A
Vulnerability Type
N/A