Red Hat Bugzilla – Bug 1002299
CVE-2013-5648 libdigidoc: arbitrary file overwrite flaw
Last modified: 2014-11-27 04:34:15 EST
It was reported , that ID-software 3.7.2 (libdigidoc):
"Fixed one critical bug in the DDOC parsing routines. By persuading a victim to open a specially-crafted DDOC file, a remote attacker could exploit this vulnerability to overwrite arbitrary files on the system with the privileges of the victim."
The patch is in svn (not the repository from code.google.com/p/esteid, but from svn.eesti.ee)  (r98). This patch was backported for Mageia  and looks applicable to what we ship in Fedora (although we have a much older version). The patch from Mageia (or upstream) won't apply without changes, however, as it's adding a new error code. Judging from the patch, it's just making sure that the file name doesn't include '/' or '\\' (so no paths in the filename).
Created libdigidoc tracking bugs for this issue:
Affects: fedora-all [bug 1002302]
This issue was assigned the name CVE-2013-5648:
libdigidoc-188.8.131.521-1.fc21 has been pushed to the Fedora 21 stable repository. If problems still persist, please make note of it in this bug report.