CVE-2005-4803
graphviz - insecure temporary file
EPSS 0.06%
Description
graphviz before 2.2.1 allows local users to overwrite arbitrary files via a symlink attack on temporary files. NOTE: this issue was originally associated with a different CVE identifier, CVE-2005-2965, which had been used for multiple different issues. This is the correct identifier.
How to fix CVE-2005-4803
To remediate CVE-2005-4803, upgrade the affected package to a fixed version listed below.
- Debian/graphviz—upgrade to 2.2.1-1sarge1 or later
Is CVE-2005-4803 being exploited?
Low — EPSS is 0.1%, meaning exploitation activity has not been observed at scale.
Affected packages (2)
- from 0, < 2.2.1-1sarge1
- from 0, < 2.2.1-1sarge1