DEBIAN-CVE-2020-11867

See a problem?
Please try reporting it to the source first.
Source
https://security-tracker.debian.org/tracker/CVE-2020-11867
Import Source
https://storage.googleapis.com/debian-osv/debian-cve-osv/DEBIAN-CVE-2020-11867.json
JSON Data
https://api.osv.dev/v1/vulns/DEBIAN-CVE-2020-11867
Upstream
Published
2020-11-30T22:15:10.713Z
Modified
2025-11-19T01:03:12.799165Z
Severity
  • 3.3 (Low) CVSS_V3 - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N CVSS Calculator
Summary
[none]
Details

Audacity through 2.3.3 saves temporary files to /var/tmp/audacity-$USER by default. After Audacity creates the temporary directory, it sets its permissions to 755. Any user on the system can read and play the temporary audio .au files located there.

References

Affected packages

Debian:11 / audacity

Package

Name
audacity
Purl
pkg:deb/debian/audacity?arch=source

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
2.4.2~dfsg0-4

Ecosystem specific 

{
    "urgency": "not yet assigned"
}

Debian:12 / audacity

Package

Name
audacity
Purl
pkg:deb/debian/audacity?arch=source

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
2.4.2~dfsg0-4

Ecosystem specific 

{
    "urgency": "not yet assigned"
}

Debian:13 / audacity

Package

Name
audacity
Purl
pkg:deb/debian/audacity?arch=source

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
2.4.2~dfsg0-4

Ecosystem specific 

{
    "urgency": "not yet assigned"
}

Debian:14 / audacity

Package

Name
audacity
Purl
pkg:deb/debian/audacity?arch=source

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
2.4.2~dfsg0-4

Ecosystem specific 

{
    "urgency": "not yet assigned"
}