CVE-2007-6061
EPSS 0.91%
Description
Audacity 1.3.2 creates a temporary directory with a predictable name without checking for previous existence of that directory, which allows local users to cause a denial of service (recording deadlock) by creating the directory before Audacity is run. NOTE: this issue can be leveraged to delete arbitrary files or directories via a symlink attack.
How to fix CVE-2007-6061
To remediate CVE-2007-6061, upgrade the affected package to a fixed version below.
- Debian/audacity—upgrade to 1.3.4-1.1 or later
Is CVE-2007-6061 being exploited?
Low — EPSS is 0.9%, meaning exploitation activity has not been observed at scale.
Affected packages (1)
- from 0, < 1.3.4-1.1