Bug 2381789 (CVE-2025-53964)
| Summary: | CVE-2025-53964 goldendict: GoldenDict Dictionary File Modification Vulnerability | ||
|---|---|---|---|
| Product: | [Other] Security Response | Reporter: | OSIDB Bzimport <bzimport> |
| Component: | vulnerability | Assignee: | Product Security DevOps Team <prodsec-dev> |
| Status: | NEW --- | QA Contact: | |
| Severity: | high | Docs Contact: | |
| Priority: | high | ||
| Version: | unspecified | Keywords: | Security |
| Target Milestone: | --- | ||
| Target Release: | --- | ||
| Hardware: | All | ||
| OS: | Linux | ||
| Whiteboard: | |||
| Fixed In Version: | Doc Type: | --- | |
| Doc Text: | A flaw was found in GoldenDict. The application allows reading and modification of arbitrary files when a user adds a specially crafted dictionary and subsequently performs a search. This vulnerability allows a network attacker with user interaction to potentially manipulate files on the system. The root cause is an exposed, potentially dangerous method within the dictionary handling process, which leads to unauthorized file modification. | Story Points: | --- |
| Clone Of: | Environment: | ||
| Last Closed: | Type: | --- | |
| Regression: | --- | Mount Type: | --- |
| Documentation: | --- | CRM: | |
| Verified Versions: | Category: | --- | |
| oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
| Cloudforms Team: | --- | Target Upstream Version: | |
| Embargoed: | |||
| Bug Depends On: | 2381856, 2381858, 2381857 | ||
| Bug Blocks: | |||
Description
OSIDB Bzimport
2025-07-17 20:02:14 UTC