Low severity · NVD Advisory · Published Jan 28, 2014 · Updated Jun 17, 2026
CVE-2014-1624
Description
Race condition in the xdg.BaseDirectory.get_runtime_dir function in python-xdg 0.25 allows local users to overwrite arbitrary files by pre-creating /tmp/pyxdg-runtime-dir-fallback-victim to point to a victim-owned location, then replacing it with a symlink to an attacker-controlled location once the get_runtime_dir function is called.
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
| pyxdg (PyPI) | < 0.26 | 0.26 |
Affected products
- cpe:2.3:a:python:pyxdg:0.25:*:*:*:*:*:*:*
- ghsa-coords (6 versions):
  - pkg:pypi/pyxdg
  - pkg:rpm/suse/python-xdg&distro=SUSE%20Linux%20Enterprise%20Desktop%2012%20SP4
  - pkg:rpm/suse/python-xdg&distro=SUSE%20Linux%20Enterprise%20Server%2012%20SP4
  - pkg:rpm/suse/python-xdg&distro=SUSE%20Linux%20Enterprise%20Server%2012%20SP5
  - pkg:rpm/suse/python-xdg&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2012%20SP4
  - pkg:rpm/suse/python-xdg&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2012%20SP5
- (no CPE) range: < 0.26
- (no CPE) range: < 0.25-9.3.1
- (no CPE) range: < 0.25-9.3.1
- (no CPE) range: < 0.25-9.3.1
- (no CPE) range: < 0.25-9.3.1
- (no CPE) range: < 0.25-9.3.1
References
- github.com/advisories/GHSA-7372-q459-jxhr (ghsa, ADVISORY)
- nvd.nist.gov/vuln/detail/CVE-2014-1624 (ghsa, ADVISORY)
- bugs.debian.org/cgi-bin/bugreport.cgi (nvd, WEB)
- www.openwall.com/lists/oss-security/2014/01/21/3 (nvd, WEB)
- www.openwall.com/lists/oss-security/2014/01/21/4 (nvd, WEB)
- exchange.xforce.ibmcloud.com/vulnerabilities/90618 (nvd, WEB)
- github.com/pypa/advisory-database/tree/main/vulns/pyxdg/PYSEC-2014-95.yaml (ghsa, WEB)
- github.com/takluyver/pyxdg/commit/bd999c1c3fe7ee5f30ede2cf704cf03e400347b4 (ghsa, WEB)
- web.archive.org/web/20200227194825/http://www.securityfocus.com/bid/65042 (ghsa, WEB)
- www.securityfocus.com/bid/65042 (nvd)