CVE-2007-5940

Description

feynmf.pl in feynmf 1.08, as used in TeXLive 2007, allows local users to overwrite arbitrary files and execute arbitrary code via a symlink attack on the feynmf$$.pl temporary file.

How to fix CVE-2007-5940

To remediate CVE-2007-5940, upgrade the affected package to a fixed version below.

• Debian/feynmf—upgrade to 1.08-1 or later
• Debian/texlive-bin—upgrade to 2005.dfsg.2-1 or later

Is CVE-2007-5940 being exploited?

Low — EPSS is 0.0%, meaning exploitation activity has not been observed at scale.

Affected packages (2)

• from 0, < 1.08-1
• from 0, < 2005.dfsg.2-1

References (1)

• ADVISORYsecurity-tracker.debian.org/tracker/CVE-2007-5940