A vulnerability has been discovered in Stellarium, which can lead to arbitrary file writes.
Package | sci-astronomy/stellarium on all architectures |
---|---|
Affected versions | < 23.1 |
Unaffected versions | >= 23.1 |
Stellarium is a free open source planetarium for your computer. It shows a realistic sky in 3D, just like what you see with the naked eye, binoculars or a telescope.
A vulnerability has been discovered in Stellarium. Please review the CVE identifier referenced below for details.
Attackers can write to files at unintended locations, such as those reached through absolute pathnames or `..` directory traversal.
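The two cases named above, absolute pathnames and `..` traversal, are the ones a file-writing routine has to refuse before it opens its target. The following Python code is an added example, not Stellarium's code and not its 23.1 fix (the advisory does not describe either); the function names and sample file names are assumptions constructed for illustration.

```python
import os
import tempfile

class UnsafePathError(ValueError):
    """The requested name would resolve outside the output directory."""

def resolve_output_path(base_dir, requested):
    """Map an untrusted file name to a real path inside base_dir, or raise."""
    if not requested or "\x00" in requested:
        raise UnsafePathError("empty name or embedded NUL byte")
    # Absolute names are refused outright: os.path.join() would otherwise
    # discard base_dir and return the absolute name unchanged.
    if os.path.isabs(requested):
        raise UnsafePathError(f"absolute path not allowed: {requested!r}")
    base = os.path.realpath(base_dir)
    # realpath() collapses ".." and follows existing symlinks, so the
    # containment test below sees the location the write would really hit.
    candidate = os.path.realpath(os.path.join(base, requested))
    if candidate == base or os.path.commonpath([base, candidate]) != base:
        raise UnsafePathError(f"path escapes output directory: {requested!r}")
    return candidate

def write_output(base_dir, requested, data):
    """Write data under base_dir only; return the path actually written."""
    path = resolve_output_path(base_dir, requested)
    os.makedirs(os.path.dirname(path), exist_ok=True)
    # O_NOFOLLOW (where available) refuses a symlink swapped in as the
    # final component after the check above.
    flags = os.O_WRONLY | os.O_CREAT | os.O_TRUNC | getattr(os, "O_NOFOLLOW", 0)
    with os.fdopen(os.open(path, flags, 0o600), "wb") as fh:
        fh.write(data)
    return path

def classify(base_dir, names):
    result = {}
    for name in names:
        try:
            resolve_output_path(base_dir, name)
            result[name] = "allowed"
        except UnsafePathError:
            result[name] = "rejected"
    return result

if __name__ == "__main__":
    # Constructed sample names, not taken from the advisory.
    samples = ["shots/sky.png", "shots/../note.txt", "../outside.txt", "/etc/example.conf"]
    with tempfile.TemporaryDirectory() as out_dir:
        for name, verdict in classify(out_dir, samples).items():
            print(f"{verdict:9} {name}")
```

A name such as `shots/../note.txt` is allowed because it still resolves inside the output directory; the check is on where the path lands, not on whether `..` appears in it.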
There is no known workaround at this time.
All Stellarium users should upgrade to the latest version:
# emerge --sync
# emerge --ask --oneshot --verbose ">=sci-astronomy/stellarium-23.1"
Release date | July 05, 2024 |
---|---|
Latest revision | July 05, 2024: 1 |
Severity | normal |
Exploitable | local and remote |
Bugzilla entries