CVE-2003-0193 — catdoc - insecure temporary file

Description

msxlsview.sh in xlsview for catdoc 0.91 and earlier allows local users to overwrite arbitrary files via a symlink attack on predictable temporary file names ("word$$.html").

How to fix CVE-2003-0193

To remediate CVE-2003-0193, upgrade the affected package to a fixed version below.

Debian/catdoc—upgrade to 0.91.5-2 or later
Debian/catdoc—upgrade to 0.91.5-1.woody3 or later

Is CVE-2003-0193 being exploited?

Low — EPSS is 0.1%, meaning exploitation activity has not been observed at scale.

Affected packages (2)

from 0, < 0.91.5-2
from 0, < 0.91.5-1.woody3

References (1)

ADVISORYsecurity-tracker.debian.org/tracker/CVE-2003-0193