{"api_version":"1","generated_at":"2026-04-23T00:40:01+00:00","cve":"CVE-2011-2924","urls":{"html":"https://cve.report/CVE-2011-2924","api":"https://cve.report/api/cve/CVE-2011-2924.json","docs":"https://cve.report/api","cve_org":"https://www.cve.org/CVERecord?id=CVE-2011-2924","nvd":"https://nvd.nist.gov/vuln/detail/CVE-2011-2924"},"summary":{"title":"CVE-2011-2924","description":"foomatic-rip filter v4.0.12 and prior used insecurely creates temporary files for storage of PostScript data by rendering the data when the debug mode was enabled. This flaw may be exploited by a local attacker to conduct symlink attacks by overwriting arbitrary files accessible with the privileges of the user running the foomatic-rip universal print filter.","state":"PUBLIC","assigner":"secalert@redhat.com","published_at":"2019-11-19 22:15:00","updated_at":"2020-08-18 15:05:00"},"problem_types":["CWE-59"],"metrics":[],"references":[{"url":"https://lwn.net/Articles/459979/","name":"https://lwn.net/Articles/459979/","refsource":"MISC","tags":["Third Party Advisory"],"title":"Security [LWN.net]","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2011-2924","name":"https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2011-2924","refsource":"MISC","tags":["Issue Tracking","Third Party Advisory"],"title":"726426 – (CVE-2011-2923, CVE-2011-2924) CVE-2011-2923 CVE-2011-2924 foomatic: foomatic-rip (debug mode) insecure temporary file use in renderer command line by processing PostScript data","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"https://launchpad.net/ubuntu/+source/foomatic-filters/4.0.12-1","name":"https://launchpad.net/ubuntu/+source/foomatic-filters/4.0.12-1","refsource":"MISC","tags":["Release Notes","Third Party Advisory"],"title":"4.0.12-1 : foomatic-filters package : Ubuntu","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"https://access.redhat.com/security/cve/cve-2011-2924","name":"https://access.redhat.com/security/cve/cve-2011-2924","refsource":"MISC","tags":["Third Party Advisory"],"title":"CVE-2011-2924 - Red Hat Customer Portal","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"https://www.openwall.com/lists/oss-security/2014/02/08/5/1","name":"https://www.openwall.com/lists/oss-security/2014/02/08/5/1","refsource":"MISC","tags":["Mailing List","Third Party Advisory"],"title":"","mime":"text/plain","httpstatus":"200","archivestatus":"200"},{"url":"https://security-tracker.debian.org/tracker/CVE-2011-2924","name":"https://security-tracker.debian.org/tracker/CVE-2011-2924","refsource":"MISC","tags":["Third Party Advisory"],"title":"CVE-2011-2924","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"https://www.cve.org/CVERecord?id=CVE-2011-2924","name":"CVE Program record","refsource":"CVE.ORG","tags":["canonical"]},{"url":"https://nvd.nist.gov/vuln/detail/CVE-2011-2924","name":"NVD vulnerability detail","refsource":"NVD","tags":["canonical","analysis"]}],"affected":[],"timeline":[],"solutions":[],"workarounds":[],"exploits":[],"credits":[],"nvd_cpes":[{"cve_year":"2011","cve_id":"2924","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"o","cpe4":"debian","cpe5":"debian_linux","cpe6":"10.0","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2011","cve_id":"2924","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"o","cpe4":"debian","cpe5":"debian_linux","cpe6":"8.0","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2011","cve_id":"2924","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"o","cpe4":"debian","cpe5":"debian_linux","cpe6":"9.0","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2011","cve_id":"2924","vulnerable":"1","versionEndIncluding":"1","cpe1":"cpe","cpe2":"2.3","cpe3":"o","cpe4":"debian","cpe5":"debian_linux","cpe6":"10.0","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2011","cve_id":"2924","vulnerable":"1","versionEndIncluding":"1","cpe1":"cpe","cpe2":"2.3","cpe3":"o","cpe4":"debian","cpe5":"debian_linux","cpe6":"8.0","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2011","cve_id":"2924","vulnerable":"1","versionEndIncluding":"1","cpe1":"cpe","cpe2":"2.3","cpe3":"o","cpe4":"debian","cpe5":"debian_linux","cpe6":"9.0","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2011","cve_id":"2924","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"o","cpe4":"fedoraproject","cpe5":"fedora","cpe6":"14","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2011","cve_id":"2924","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"o","cpe4":"fedoraproject","cpe5":"fedora","cpe6":"15","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2011","cve_id":"2924","vulnerable":"1","versionEndIncluding":"1","cpe1":"cpe","cpe2":"2.3","cpe3":"o","cpe4":"fedoraproject","cpe5":"fedora","cpe6":"14","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2011","cve_id":"2924","vulnerable":"1","versionEndIncluding":"1","cpe1":"cpe","cpe2":"2.3","cpe3":"o","cpe4":"fedoraproject","cpe5":"fedora","cpe6":"15","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2011","cve_id":"2924","vulnerable":"1","versionEndIncluding":"4.0.12","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"linuxfoundation","cpe5":"foomatic-filters","cpe6":"*","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"}],"vendor_comments":[],"enrichments":{"kev":null,"epss":null,"legacy_qids":[]},"source_records":{"cve_program":{"data_version":"4.0","data_type":"CVE","data_format":"MITRE","CVE_data_meta":{"ID":"CVE-2011-2924","ASSIGNER":"secalert@redhat.com","STATE":"PUBLIC"},"description":{"description_data":[{"lang":"eng","value":"foomatic-rip filter v4.0.12 and prior used insecurely creates temporary files for storage of PostScript data by rendering the data when the debug mode was enabled. This flaw may be exploited by a local attacker to conduct symlink attacks by overwriting arbitrary files accessible with the privileges of the user running the foomatic-rip universal print filter."}]},"problemtype":{"problemtype_data":[{"description":[{"lang":"eng","value":"Other"}]}]},"affects":{"vendor":{"vendor_data":[{"vendor_name":"foomatic-filters","product":{"product_data":[{"product_name":"foomatic-filters","version":{"version_data":[{"version_affected":"=","version_value":"4.0.12 and prior"}]}}]}}]}},"references":{"reference_data":[{"url":"https://access.redhat.com/security/cve/cve-2011-2924","refsource":"MISC","name":"https://access.redhat.com/security/cve/cve-2011-2924"},{"url":"https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2011-2924","refsource":"MISC","name":"https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2011-2924"},{"url":"https://launchpad.net/ubuntu/+source/foomatic-filters/4.0.12-1","refsource":"MISC","name":"https://launchpad.net/ubuntu/+source/foomatic-filters/4.0.12-1"},{"url":"https://lwn.net/Articles/459979/","refsource":"MISC","name":"https://lwn.net/Articles/459979/"},{"url":"https://security-tracker.debian.org/tracker/CVE-2011-2924","refsource":"MISC","name":"https://security-tracker.debian.org/tracker/CVE-2011-2924"},{"url":"https://www.openwall.com/lists/oss-security/2014/02/08/5/1","refsource":"MISC","name":"https://www.openwall.com/lists/oss-security/2014/02/08/5/1"}]}},"nvd":{"publishedDate":"2019-11-19 22:15:00","lastModifiedDate":"2020-08-18 15:05:00","problem_types":["CWE-59"],"metrics":{"baseMetricV3":{"cvssV3":{"version":"3.1","vectorString":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"HIGH","availabilityImpact":"NONE","baseScore":5.5,"baseSeverity":"MEDIUM"},"exploitabilityScore":1.8,"impactScore":3.6},"baseMetricV2":{"cvssV2":{"version":"2.0","vectorString":"AV:L/AC:M/Au:N/C:N/I:P/A:P","accessVector":"LOCAL","accessComplexity":"MEDIUM","authentication":"NONE","confidentialityImpact":"NONE","integrityImpact":"PARTIAL","availabilityImpact":"PARTIAL","baseScore":3.3},"severity":"LOW","exploitabilityScore":3.4,"impactScore":4.9,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}},"configurations":{"CVE_data_version":"4.0","nodes":[{"operator":"OR","children":[],"cpe_match":[{"vulnerable":true,"cpe23Uri":"cpe:2.3:a:linuxfoundation:foomatic-filters:*:*:*:*:*:*:*:*","versionEndIncluding":"4.0.12","cpe_name":[]}]},{"operator":"OR","children":[],"cpe_match":[{"vulnerable":true,"cpe23Uri":"cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*","cpe_name":[]},{"vulnerable":true,"cpe23Uri":"cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*","cpe_name":[]},{"vulnerable":true,"cpe23Uri":"cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*","cpe_name":[]}]},{"operator":"OR","children":[],"cpe_match":[{"vulnerable":true,"cpe23Uri":"cpe:2.3:o:fedoraproject:fedora:15:*:*:*:*:*:*:*","cpe_name":[]},{"vulnerable":true,"cpe23Uri":"cpe:2.3:o:fedoraproject:fedora:14:*:*:*:*:*:*:*","cpe_name":[]}]}]}},"legacy_mitre":{"record":{"CveYear":"2011","CveId":"2924","Ordinal":"50141","Title":"CVE-2011-2924","CVE":"CVE-2011-2924","Year":"2011"},"notes":[{"CveYear":"2011","CveId":"2924","Ordinal":"1","NoteData":"foomatic-rip filter v4.0.12 and prior used insecurely creates temporary files for storage of PostScript data by rendering the data when the debug mode was enabled. This flaw may be exploited by a local attacker to conduct symlink attacks by overwriting arbitrary files accessible with the privileges of the user running the foomatic-rip universal print filter.","Type":"Description","Title":null},{"CveYear":"2011","CveId":"2924","Ordinal":"2","NoteData":"2019-11-19","Type":"Other","Title":"Published"},{"CveYear":"2011","CveId":"2924","Ordinal":"3","NoteData":"2019-11-19","Type":"Other","Title":"Modified"}]}}}