CVE-2007-2056
CVE-2007-2056 is a security vulnerability that is still awaiting full analysis and scoring.
Key facts
- Actively exploited: Not listed in CISA KEV
- Published:
- Last modified:
Description
Rejected reason: The getlock function in aimage/aimage.cpp in AFFLIB 2.2.8 and earlier allows local users to overwrite arbitrary files via a symlink attack on temporary lock files (aka "time-of-check-time-of-use file race"). NOTE: the researcher has retracted the original advisory, stating that "the portion of vulnerable code is not called in any current version of AFFLIB and is therefore not exploitable.
Frequently asked questions
- What is CVE-2007-2056?
- Rejected reason: The getlock function in aimage/aimage.cpp in AFFLIB 2.2.8 and earlier allows local users to overwrite arbitrary files via a symlink attack on temporary lock files (aka "time-of-check-time-of-use file race"). NOTE: the researcher has retracted the original advisory, stating that "the portion of vulnerable code is not called in any current version of AFFLIB and is therefore not exploitable.
- Is CVE-2007-2056 being actively exploited?
- It is not currently listed in CISA's Known Exploited Vulnerabilities catalog, and no EPSS exploit-prediction score is available yet.
- How do I fix CVE-2007-2056?
- Review the linked vendor and NVD advisories for patched versions and mitigations, then upgrade or apply the recommended workaround.
- When was CVE-2007-2056 published?
- CVE-2007-2056 was published on 2007-04-30 and last updated on 2023-11-07.