VIR Vulnerability Intelligence Relay

CVE-2014-1934

low
Published 2022-05-14 · Modified 2026-05-06
CVSS v3
CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:C/C:N/I:L/A:L
CVSS v2
3.3
VIR risk
3.3

Description

tag.py in eyeD3 (aka python-eyed3) 7.0.3, 0.6.18, and earlier for Python allows local users to modify arbitrary files via a symlink attack on a temporary file.

Predictions

Exploit likelihood
20%
Patch ETA

Heuristic predictions, AS-IS, for prioritization only.

Mitigations

vendor Authored 2026-05-27

Vendor advisory: debian — https://security-tracker.debian.org/tracker/CVE-2014-1934

OS impact
OSVersionStatusFixed in
debian debianbookwormfixed0.6.18-3
debian debianbullseyefixed0.6.18-3
debian debianforkyfixed0.6.18-3
debian debiansidfixed0.6.18-3
debian debiantrixiefixed0.6.18-3
suse suse12.3affected
suse suse13.1affected

Package impact
EcosystemPackageVulnerableFixed
python PyPIeyed3<0.7.50.7.5

Application impact
VendorProductVersionsFixed
travis_shirkeyed3{"endIncluding":"0.6.18"}
travis_shirkeyed30.1.0
travis_shirkeyed30.2.0
travis_shirkeyed30.3.0
travis_shirkeyed30.3.1
travis_shirkeyed30.4.0
travis_shirkeyed30.5.0
travis_shirkeyed30.5.1
travis_shirkeyed30.6.0
travis_shirkeyed30.6.1
travis_shirkeyed30.6.2
travis_shirkeyed30.6.3
travis_shirkeyed30.6.4
travis_shirkeyed30.6.5
travis_shirkeyed30.6.6
travis_shirkeyed30.6.8
travis_shirkeyed30.6.9
travis_shirkeyed30.6.10
travis_shirkeyed30.6.11
travis_shirkeyed30.6.12
travis_shirkeyed30.6.13
travis_shirkeyed30.6.14
travis_shirkeyed30.6.15
travis_shirkeyed30.6.16
travis_shirkeyed30.6.17
travis_shirkeyed30.7.3

References

CWEs

CWE-59

Verify integrity in audit chain (admin only). AS-IS.