CVE-2015-0296

Published: Oct 6, 2017Modified: May 13, 2026

4.7

Vector

CVSS:3.0/AV:L/AC:H/PR:N/UI:R/S:U/C:N/I:H/A:N

Exploitability: 1.0 / Impact: 3.6

Source: NVD

Description

The pre-install script in texlive 3.1.20140525_r34255.fc21 as packaged in Fedora 21 and rpm, and texlive 6.20131226_r32488.fc20 and rpm allows local users to delete arbitrary files via a crafted file in the user's home directory.

Affected (2)

Products: Tug: Texlive

Tug

1 product

Texlive

Configuration A

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Tug Texlive	Version 6.20131226_r32488.fc20

Running on/with	Platform Versions
Fedoraproject Fedora	Version 20

Configuration B

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Tug Texlive	Version 3.1.20140525_r34255.fc21

Running on/with	Platform Versions
Fedoraproject Fedora	Version 21

Related CWEs

CWE-264

References (10)

http://lists.fedoraproject.org/pipermail/package-announce/2015-April/154198.html

Source: secalert@redhat.com

Third Party Advisory

http://lists.fedoraproject.org/pipermail/package-announce/2015-April/154424.html

Source: secalert@redhat.com

Third Party Advisory

http://www.openwall.com/lists/oss-security/2015/02/27/6

Source: secalert@redhat.com

Mailing ListThird Party Advisory

http://www.securityfocus.com/bid/72826

Source: secalert@redhat.com

Third Party AdvisoryVDB Entry

https://bugzilla.redhat.com/show_bug.cgi?id=1197082

Source: secalert@redhat.com

Issue TrackingThird Party Advisory

http://lists.fedoraproject.org/pipermail/package-announce/2015-April/154198.html