The rs_filter_graph function in librawstudio/rs-filter.c in rawstudio might allow local users to truncate arbitrary files via a symlink attack on (1) /tmp/rs-filter-graph.png or (2) /tmp/rs-filter-graph.
The product attempts to access a file based on the filename, but it does not properly prevent that filename from identifying a link or shortcut that resolves to an unintended resource.
| Link | Tags |
|---|---|
| http://www.openwall.com/lists/oss-security/2014/07/16/15 | issue tracking mailing list third party advisory |
| https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=754899 | issue tracking mailing list third party advisory |
| https://bugzilla.redhat.com/show_bug.cgi?id=1120093 | issue tracking third party advisory |
| http://lists.fedoraproject.org/pipermail/package-announce/2015-July/162109.html | issue tracking third party advisory vendor advisory |
| https://github.com/rawstudio/rawstudio/commit/9c2cd3c93c05d009a91d84eedbb85873b0cb505d | issue tracking third party advisory patch |
| http://www.securityfocus.com/bid/68671 | vdb entry third party advisory |
| https://exchange.xforce.ibmcloud.com/vulnerabilities/94633 | vdb entry third party advisory |