cpe:/a:rawstudio:rawstudio:2.0-1.1 cpe:/o:fedoraproject:fedora:22 CVE-2014-4978 2017-12-29T17:29:00.410-05:00 2018-01-10T14:21:55.727-05:00 3.6 LOCAL LOW NONE NONE PARTIAL PARTIAL http://nvd.nist.gov 2018-01-10T11:46:19.907-05:00 BID 68671 FEDORA FEDORA-2015-8196 MLIST [oss-security] 20140716 Re: CVE request: rawstudio: Insecure use of temporary file CONFIRM https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=754899 CONFIRM https://bugzilla.redhat.com/show_bug.cgi?id=1120093 CONFIRM https://github.com/rawstudio/rawstudio/commit/9c2cd3c93c05d009a91d84eedbb85873b0cb505d XF rawstudio-rsfiltergraph-symlink(94633) The rs_filter_graph function in librawstudio/rs-filter.c in rawstudio might allow local users to truncate arbitrary files via a symlink attack on (1) /tmp/rs-filter-graph.png or (2) /tmp/rs-filter-graph.