CVE-2010-4338 Information

Description

ocrodjvu 0.4.6-1 on Debian GNU/Linux allows local users to modify arbitrary files via a symlink attack on temporary files that are generated when Cuneiform is invoked as the OCR engine.

Reference

http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=598134 http://www.securityfocus.com/bid/45234 https://exchange.xforce.ibmcloud.com/vulnerabilities/64892