Your submission was sent successfully! Close

CVE-2007-6061

Published: 20 November 2007

Audacity 1.3.2 creates a temporary directory with a predictable name without checking for previous existence of that directory, which allows local users to cause a denial of service (recording deadlock) by creating the directory before Audacity is run. NOTE: this issue can be leveraged to delete arbitrary files or directories via a symlink attack.

Priority

Low

Status

Package Release Status
audacity
Launchpad, Ubuntu, Debian
dapper
Released (1.2.4b-2ubuntu2.1)
edgy Needed
(reached end-of-life)
feisty
Released (1.2.6-0ubuntu1.1)
gutsy
Released (1.3.3-1ubuntu0.1)
hardy Not vulnerable
(1.3.4-1.1ubuntu1)
upstream Needed