Unrated severityNVD Advisory· Published Feb 14, 2011· Updated Apr 29, 2026
CVE-2011-0702
CVE-2011-0702
Description
The feh_unique_filename function in utils.c in feh before 1.11.2 might allow local users to overwrite arbitrary files via a symlink attack on a /tmp/feh_ temporary file.
Affected products
15cpe:2.3:a:feh_project:feh:*:*:*:*:*:*:*:*+ 14 more
- cpe:2.3:a:feh_project:feh:*:*:*:*:*:*:*:*range: <=1.11.1
- cpe:2.3:a:feh_project:feh:1.10:*:*:*:*:*:*:*
- cpe:2.3:a:feh_project:feh:1.10.1:*:*:*:*:*:*:*
- cpe:2.3:a:feh_project:feh:1.11:*:*:*:*:*:*:*
- cpe:2.3:a:feh_project:feh:1.3.5:*:*:*:*:*:*:*
- cpe:2.3:a:feh_project:feh:1.4:*:*:*:*:*:*:*
- cpe:2.3:a:feh_project:feh:1.4.1:*:*:*:*:*:*:*
- cpe:2.3:a:feh_project:feh:1.4.2:*:*:*:*:*:*:*
- cpe:2.3:a:feh_project:feh:1.4.3:*:*:*:*:*:*:*
- cpe:2.3:a:feh_project:feh:1.5:*:*:*:*:*:*:*
- cpe:2.3:a:feh_project:feh:1.6:*:*:*:*:*:*:*
- cpe:2.3:a:feh_project:feh:1.6.1:*:*:*:*:*:*:*
- cpe:2.3:a:feh_project:feh:1.7:*:*:*:*:*:*:*
- cpe:2.3:a:feh_project:feh:1.8:*:*:*:*:*:*:*
- cpe:2.3:a:feh_project:feh:1.9:*:*:*:*:*:*:*
Patches
0No patches discovered yet.
Vulnerability mechanics
AI mechanics synthesis has not run for this CVE yet.
References
9- bugs.debian.org/cgi-bin/bugreport.cginvdPatch
- openwall.com/lists/oss-security/2011/02/09/1nvdPatch
- openwall.com/lists/oss-security/2011/02/09/14nvdPatch
- bugs.launchpad.net/ubuntu/+source/feh/+bug/607328nvdPatch
- bugzilla.redhat.com/show_bug.cginvdPatch
- derf.homelinux.org/git/feh/commit/nvdPatch
- github.com/derf/feh/issues/nvdPatch
- secunia.com/advisories/43221nvdVendor Advisory
- derf.homelinux.org/git/feh/commit/nvd
News mentions
0No linked articles in our index yet.