Package: ocrodjvu
Version: 0.4.6-1
Severity: grave
Tags: security
Justification: user security hole

If Cuneiform is used as OCR engine, ocrodjvu atomically creates a temporary file in /tmp (or $TMPDIR) and then runs

    cuneiform -l <language> -f hocr -o <tmpoutputfile> <inputfile>

This turns out to be insecure: in some circumstances (e.g. if the OCRed page contains illustrations), Cuneiform creates additional files in the same directory as the output file. As a consequence, a local attacker can overwrite arbitrary files via a symlink attack.

-- Jakub Wilk
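
One way to contain the side files described in the report above, shown as an added example that is not part of the original report and is not ocrodjvu's own code: give the engine an output path inside a freshly created directory that only the calling user can access, so no other local user can place symlinks at the names the engine writes next to its output. The function names, the output name page.html, the stand-in engine and the side-file name are assumptions made for the illustration; the command line is the one quoted in the report.

```python
import os
import stat
import subprocess
import tempfile
from collections import namedtuple

OcrResult = namedtuple("OcrResult", "hocr side_files dir_mode workdir")


def ocr_in_private_dir(input_path, language, run=subprocess.check_call):
    """Run the OCR engine with its output file inside a private directory.

    `run` receives the argv list; it defaults to executing the real command.
    """
    # TemporaryDirectory uses mkdtemp(): the directory is created atomically
    # with mode 0700 under a random name, so every file the engine creates
    # beside its output lands where other local users cannot pre-plant links.
    with tempfile.TemporaryDirectory(prefix="ocr.") as workdir:
        dir_mode = stat.S_IMODE(os.stat(workdir).st_mode)
        output_path = os.path.join(workdir, "page.html")  # assumed name
        # Command line as quoted in the report.
        run(["cuneiform", "-l", language, "-f", "hocr",
             "-o", output_path, input_path])
        with open(output_path, "rb") as fh:
            hocr = fh.read()
        # Anything else in the directory is an engine side file.
        side_files = sorted(n for n in os.listdir(workdir) if n != "page.html")
    # The directory and all side files are gone once the with-block exits.
    return OcrResult(hocr, side_files, dir_mode, workdir)


def fake_engine(argv):
    """Constructed stand-in for the engine: writes the requested output file
    plus one extra file beside it (hypothetical name), like the report says."""
    output_path = argv[argv.index("-o") + 1]
    with open(output_path, "wb") as fh:
        fh.write(b"<html>constructed hOCR</html>")
    extra = os.path.join(os.path.dirname(output_path), "illustration_0.bmp")
    with open(extra, "wb") as fh:
        fh.write(b"constructed image bytes")


if __name__ == "__main__":
    result = ocr_in_private_dir("page.pbm", "eng", run=fake_engine)
    print(oct(result.dir_mode), result.side_files)
```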