This CPE summary could be partial or incomplete. Please contact us for a detailed listing.

Summary

Detail
Vendor: Feh Project
First view: 2011-02-14
Product: Feh
Last view: 2017-04-14
Version: 1.3.1
Type: Application
Update: *
Edition: *
Language: *
Software Edition: *
Target Software: *
Target Hardware: *
Other: *
 
CPE Product cpe:2.3:a:feh_project:feh

Related : CVE

Score Date Alert Description
9.8 2017-04-14 CVE-2017-7875

In wallpaper.c in feh before v2.18.3, if a malicious client pretends to be the E17 window manager, it is possible to trigger an out-of-boundary heap write while receiving an IPC message. An integer overflow leads to a buffer overflow and/or a double free.

5.1 2011-05-26 CVE-2010-2246

feh before 1.8, when the --wget-timestamp option is enabled, might allow remote attackers to execute arbitrary commands via shell metacharacters in a URL.

3.3 2011-02-14 CVE-2011-1031

The feh_unique_filename function in utils.c in feh 1.11.2 and earlier might allow local users to create arbitrary files via a symlink attack on a /tmp/feh_ temporary file, a different vulnerability than CVE-2011-0702.

3.3 2011-02-14 CVE-2011-0702

The feh_unique_filename function in utils.c in feh before 1.11.2 might allow local users to overwrite arbitrary files via a symlink attack on a /tmp/feh_ temporary file.

CWE : Common Weakness Enumeration

% id Name
50% (2) CWE-59 Improper Link Resolution Before File Access ('Link Following')
25% (1) CWE-787 Out-of-bounds Write
25% (1) CWE-20 Improper Input Validation

Open Source Vulnerability Database (OSVDB)

id Description
72990 feh utils.c feh_unique_filename Function /tmp/feh_ Temporary File Symlink Arb...
70805 feh src/utils.c feh_unique_filename() Predictable Filename Symlink Arbitrary ...
66063 feh --wget-timestamps URL Handling Shell Metacharacter Arbitrary Command Exec...

OpenVAS Exploits

id Description
2012-02-12 Name : Gentoo Security Advisory GLSA 201110-08 (feh)
File : nvt/glsa_201110_08.nasl
2011-07-12 Name : Fedora Update for feh FEDORA-2011-8750
File : nvt/gb_fedora_2011_8750_feh_fc15.nasl
2011-07-08 Name : Fedora Update for feh FEDORA-2011-8747
File : nvt/gb_fedora_2011_8747_feh_fc14.nasl
2011-06-03 Name : Fedora Update for feh FEDORA-2011-0074
File : nvt/gb_fedora_2011_0074_feh_fc13.nasl
2011-06-03 Name : Fedora Update for feh FEDORA-2011-0111
File : nvt/gb_fedora_2011_0111_feh_fc14.nasl

Nessus® Vulnerability Scanner

id Description
2019-01-03 Name: The remote Fedora host is missing a security update.
File: fedora_2018-3ac43a1e15.nasl - Type: ACT_GATHER_INFO
2019-01-03 Name: The remote Fedora host is missing a security update.
File: fedora_2018-a84b6d0071.nasl - Type: ACT_GATHER_INFO
2018-11-14 Name: The remote Fedora host is missing a security update.
File: fedora_2018-56ec0ccd82.nasl - Type: ACT_GATHER_INFO
2017-07-10 Name: The remote Gentoo host is missing one or more security-related patches.
File: gentoo_GLSA-201707-08.nasl - Type: ACT_GATHER_INFO
2017-05-02 Name: The remote openSUSE host is missing a security update.
File: openSUSE-2017-531.nasl - Type: ACT_GATHER_INFO
2017-04-18 Name: The remote Debian host is missing a security update.
File: debian_DLA-899.nasl - Type: ACT_GATHER_INFO
2011-10-14 Name: The remote Gentoo host is missing one or more security-related patches.
File: gentoo_GLSA-201110-08.nasl - Type: ACT_GATHER_INFO
2011-07-05 Name: The remote Fedora host is missing a security update.
File: fedora_2011-8747.nasl - Type: ACT_GATHER_INFO
2011-07-05 Name: The remote Fedora host is missing a security update.
File: fedora_2011-8750.nasl - Type: ACT_GATHER_INFO
2011-05-25 Name: The remote Fedora host is missing a security update.
File: fedora_2011-0074.nasl - Type: ACT_GATHER_INFO
2011-05-25 Name: The remote Fedora host is missing a security update.
File: fedora_2011-0111.nasl - Type: ACT_GATHER_INFO