cvedb.io
CVE-2015-7758
LOW · CVSS 3.3
EPSS exploitation probability: 0%
Published 2016-01-08T19:59:09.163 · Last modified 2026-06-17T00:33:04.923

Summary

Gummi 0.6.5 allows local users to write to arbitrary files via a symlink attack on a temporary dot file that uses the name of an existing file and a (1) .aux, (2) .log, (3) .out, (4) .pdf, or (5) .toc extension for the file name, as demonstrated by .thesis.tex.aux.

Affected products

opensuse — leap

Does this affect you?

Add your gear to cvedb and we'll alert you only when opensuse ships something exploited.

Check my exposure →

References

This product uses data from the NVD API but is not endorsed or certified by the NVD. Informational only; not professional security advice.