Unrated severityNVD Advisory· Published Feb 14, 2011· Updated Apr 29, 2026
CVE-2011-1031
CVE-2011-1031
Description
The feh_unique_filename function in utils.c in feh 1.11.2 and earlier might allow local users to create arbitrary files via a symlink attack on a /tmp/feh_ temporary file, a different vulnerability than CVE-2011-0702.
Affected products
16cpe:2.3:a:feh_project:feh:*:*:*:*:*:*:*:*+ 15 more
- cpe:2.3:a:feh_project:feh:*:*:*:*:*:*:*:*range: <=1.11.2
- cpe:2.3:a:feh_project:feh:1.10:*:*:*:*:*:*:*
- cpe:2.3:a:feh_project:feh:1.10.1:*:*:*:*:*:*:*
- cpe:2.3:a:feh_project:feh:1.11:*:*:*:*:*:*:*
- cpe:2.3:a:feh_project:feh:1.11.1:*:*:*:*:*:*:*
- cpe:2.3:a:feh_project:feh:1.3.5:*:*:*:*:*:*:*
- cpe:2.3:a:feh_project:feh:1.4:*:*:*:*:*:*:*
- cpe:2.3:a:feh_project:feh:1.4.1:*:*:*:*:*:*:*
- cpe:2.3:a:feh_project:feh:1.4.2:*:*:*:*:*:*:*
- cpe:2.3:a:feh_project:feh:1.4.3:*:*:*:*:*:*:*
- cpe:2.3:a:feh_project:feh:1.5:*:*:*:*:*:*:*
- cpe:2.3:a:feh_project:feh:1.6:*:*:*:*:*:*:*
- cpe:2.3:a:feh_project:feh:1.6.1:*:*:*:*:*:*:*
- cpe:2.3:a:feh_project:feh:1.7:*:*:*:*:*:*:*
- cpe:2.3:a:feh_project:feh:1.8:*:*:*:*:*:*:*
- cpe:2.3:a:feh_project:feh:1.9:*:*:*:*:*:*:*
Patches
0No patches discovered yet.
Vulnerability mechanics
AI mechanics synthesis has not run for this CVE yet.
References
5- bugzilla.redhat.com/show_bug.cginvdPatch
- derf.homelinux.org/git/feh/commit/nvdPatch
- derf.homelinux.org/git/feh/commit/nvdPatch
- github.com/derf/feh/issues/nvdPatch
- secunia.com/advisories/43221nvdVendor Advisory
News mentions
0No linked articles in our index yet.