CVE-2020-10870

NameCVE-2020-10870
DescriptionZim through 0.72.1 creates temporary directories with predictable names. A malicious user could predict and create Zim's temporary directories and prevent other users from being able to start Zim, resulting in a denial of service.
SourceCVE (at NVD; CERT, LWN, oss-sec, fulldisc, bugtraq, EDB, Metasploit, Red Hat, Ubuntu, Gentoo, SUSE bugzilla/CVE, Mageia, GitHub advisories/code/issues, web search, more)
Debian Bugs954810

Vulnerable and fixed packages

The table below lists information on source packages.

Source PackageReleaseVersionStatus
zim (PTS)buster0.68-1vulnerable
bullseye0.73.5-1fixed
bookworm, sid0.75.1-1fixed

The information below is based on the following data on fixed versions.

PackageTypeReleaseFixed VersionUrgencyOriginDebian Bugs
zimsource(unstable)0.72.1-1unimportant954810

Notes

https://github.com/zim-desktop-wiki/zim-desktop-wiki/issues/1028
Negligible security impact
Search for package or bug name: Reporting problems