Vulnerability Description
graphviz before 2.2.1 allows local users to overwrite arbitrary files via a symlink attack on temporary files. NOTE: this issue was originally associated with a different CVE identifier, CVE-2005-2965, which had been used for multiple different issues. This is the correct identifier.
CVSS Score
LOW
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Graphviz | Graphviz | <= 2.2 |
References
- http://secunia.com/advisories/17121 (Patch, Vendor Advisory)
- http://secunia.com/advisories/17125 (Patch, Vendor Advisory)
- http://secunia.com/advisories/17207 (Patch, Vendor Advisory)
- http://www.debian.org/security/2005/dsa-857 (Patch, Vendor Advisory)
- http://www.mandriva.com/security/advisories?name=MDKSA-2005:188 (Patch, Vendor Advisory)
- http://www.securityfocus.com/bid/15050 (Patch)
- https://usn.ubuntu.com/208-1/
FAQ
What is CVE-2005-4803?
CVE-2005-4803 is a vulnerability with a CVSS score of 3.6 (LOW). graphviz before 2.2.1 allows local users to overwrite arbitrary files via a symlink attack on temporary files. NOTE: this issue was originally associated with a different CVE identifier, CVE-2005-296...
How severe is CVE-2005-4803?
CVE-2005-4803 has been rated LOW with a CVSS base score of 3.6/10. Review the CVSS metrics above for a detailed severity breakdown.
Is there a patch for CVE-2005-4803?
Check the references section above for vendor advisories and patch information. Affected products include: Graphviz (vendor: Graphviz).