Moderate severityNVD Advisory· Published Jan 20, 2011· Updated Apr 29, 2026

CVE-2010-4338

Description

ocrodjvu 0.4.6-1 on Debian GNU/Linux allows local users to modify arbitrary files via a symlink attack on temporary files that are generated when Cuneiform is invoked as the OCR engine.

Affected packages

Versions sourced from the GitHub Security Advisory.

Package	Affected versions	Patched versions
ocrodjvuPyPI	>= 0.4.6-1, < 0.4.6-2	0.4.6-2

Affected products

Jwilk/Ocrodjvu
cpe:2.3:a:jwilk:ocrodjvu:0.4.6-1:*:*:*:*:*:*:*

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

github.com/advisories/GHSA-5pjj-7m4p-wfh2ghsaADVISORY
nvd.nist.gov/vuln/detail/CVE-2010-4338ghsaADVISORY
bugs.debian.org/cgi-bin/bugreport.cginvdWEB
exchange.xforce.ibmcloud.com/vulnerabilities/64892nvdWEB
web.archive.org/web/20200229160520/http://www.securityfocus.com/bid/45234ghsaWEB
www.securityfocus.com/bid/45234nvd

News mentions

No linked articles in our index yet.

cvss	0.260
epss	0.000
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000