CVE-2014-0027
NONE EPSS 25.0%
Published Jan 26, 201412y ago · Modified Jun 17, 20262w ago
Published Jan 26, 2014 12y ago
Last Modified Jun 17, 2026 2w ago
Description
The play_wave_from_socket function in audio/auserver.c in Flite 1.4 allows local users to modify arbitrary files via a symlink attack on /tmp/awb.wav. NOTE: some of these details are obtained from third party information.
Threat Intelligence
EPSS Exploit Probability
25.0% percentile
Exploit & Patch Status
No Known Exploit
No Patch Available
Weaknesses 1
CWE-59
Affected Products 1
| Vendor | Product | Version | Range |
|---|---|---|---|
| cmu | flite | 1.4 | any |
References 7
- lists.fedoraproject.org http://lists.fedoraproject.org/pipermail/package-announce/2014-February/127748.html
- lists.fedoraproject.org http://lists.fedoraproject.org/pipermail/package-announce/2014-February/127776.html
- seclists.org http://seclists.org/oss-sec/2014/q1/59
- mandriva.com http://www.mandriva.com/security/advisories?name=MDVSA-2014:032
- osvdb.org http://www.osvdb.org/101948
- securityfocus.com http://www.securityfocus.com/bid/64791
- bugzilla.redhat.com https://bugzilla.redhat.com/show_bug.cgi?id=1048678
Remediation
No remediation data recorded yet
Check vendor advisories and the NVD entry for patch availability.