Unrated severityNVD Advisory· Published Nov 5, 2010· Updated Jun 16, 2026
CVE-2010-3996
CVE-2010-3996
Description
festival_server in Centre for Speech Technology Research (CSTR) Festival, probably 2.0.95-beta and earlier, places a zero-length directory name in the LD_LIBRARY_PATH, which allows local users to gain privileges via a Trojan horse shared library in the current working directory.
Affected products
7cpe:2.3:a:cstr:festival:1.4.1:*:*:*:*:*:*:*+ 6 more
- cpe:2.3:a:cstr:festival:1.4.1:*:*:*:*:*:*:*
- cpe:2.3:a:cstr:festival:1.4.2:*:*:*:*:*:*:*
- cpe:2.3:a:cstr:festival:1.4.3:*:*:*:*:*:*:*
- cpe:2.3:a:cstr:festival:1.95:*:*:*:*:*:*:*
- cpe:2.3:a:cstr:festival:1.96:*:*:*:*:*:*:*
- cpe:2.3:a:cstr:festival:*:beta:*:*:*:*:*:*range: <=2.0.95
- (no CPE)range: <= 2.0.95-beta
Patches
Vulnerability mechanics
References
5News mentions
0No linked articles in our index yet.