CVE-2014-1934: Improper Link Resolution Before File Access

May 8, 2014 (updated October 30, 2018)

tag.py in eyeD3 (aka python-eyed3) allows local users to modify arbitrary files via a symlink attack on a temporary file.

References

bugs.debian.org/cgi-bin/bugreport.cgi?bug=737062
bugzilla.redhat.com/show_bug.cgi?id=CVE-2014-1934

Code Behaviors & Features

Detect and mitigate CVE-2014-1934 with GitLab Dependency Scanning

Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →