CVE-2005-3126 — antiword - insecure temporary file

Description

The (1) kantiword (kantiword.sh) and (2) gantiword (gantiword.sh) scripts in antiword 0.35 and earlier allow local users to overwrite arbitrary files via a symlink attack on temporary (a) output and (b) error files.

How to fix CVE-2005-3126

To remediate CVE-2005-3126, upgrade the affected package to a fixed version below.

Debian/antiword—upgrade to 0.35-2 or later
Debian/antiword—upgrade to 0.32-2woody0 or later

Is CVE-2005-3126 being exploited?

Low — EPSS is 0.1%, meaning exploitation activity has not been observed at scale.

Affected packages (2)

from 0, < 0.35-2
from 0, < 0.32-2woody0

References (1)

ADVISORYsecurity-tracker.debian.org/tracker/CVE-2005-3126