Description of problem: 233 String filename = tag.GetFileName(); 234 String sTmpSuffix = ".XXXXXX"; ... 242 strcpy(sTempFile, filename.c_str()); 243 strcat(sTempFile, sTmpSuffix.c_str()); 244 245 #if ((defined(__GNUC__) && __GNUC__ >= 3 ) || !defined(HAVE_MKSTEMP)) 246 // This section is for Windows folk && gcc 3.x folk 247 fstream tmpOut; 248 createFile(sTempFile, tmpOut); When compiled with gcc 3 or higher, file with a predictable name is created. This can possibly be explited to conduct a symlink attack and either leak information or overwrite arbitrary file on behalf of user using the library (though I a have not had a look at createFile(), maybe the only problem is two programs using the temporary file concurently). Additional info: The CVE identifier for this issue had been requested. See URL for debian bug.
Mitre assigned CVE-2007-4460 identifier to this issue.
id3lib-3.8.3-17.fc7 has been pushed to the Fedora 7 stable repository. If problems still persist, please make note of it in this bug report.