Workflow

PyPi: Eyed3

CVE-2014-1934

Safety vulnerability ID: 35538

This vulnerability was reviewed by experts

The information on this page was manually curated by our Cybersecurity Intelligence Team.

Created at May 08, 2014 Updated at Mar 29, 2024
Scan your Python projects for vulnerabilities →

Advisory

tag.py in eyeD3 (aka python-eyed3) 7.0.3, 0.6.18, and earlier for Python allows local users to modify arbitrary files via a symlink attack on a temporary file.

Affected package

eyed3

Latest version: 0.9.7

Python audio data toolkit (ID3 and MP3)

Affected versions

Fixed versions

Vulnerability changelog

tag.py in eyeD3 (aka python-eyed3) 7.0.3, 0.6.18, and earlier for Python allows local users to modify arbitrary files via a symlink attack on a temporary file.


CONFIRM:https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=737062: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=737062
CONFIRM:https://bugzilla.redhat.com/show_bug.cgi?id=1063671: https://bugzilla.redhat.com/show_bug.cgi?id=1063671
SUSE:openSUSE-SU-2014:0619: http://lists.opensuse.org/opensuse-updates/2014-05/msg00027.html
SUSE:openSUSE-SU-2014:0620: http://lists.opensuse.org/opensuse-updates/2014-05/msg00028.html

Resources

Use this package?

Scan your Python project for dependency vulnerabilities in two minutes

Scan your application

Severity Details

CVSS Base Score

LOW 3.3

CVSS v2 Details

LOW 3.3
Access Vector (AV)
LOCAL
Access Complexity (AC)
MEDIUM
Authentication (Au)
NONE
Confidentiality Impact (C)
NONE
Integrity Impact (I)
PARTIAL
Availability Impact (A)
PARTIAL