Xine Bug Reporting Script Insecure Temporary File Creation Vulnerability

Xine Bug Reporting Script Insecure Temporary File Creation Vulnerability

The xine bug-reporting scripts (xine-bugreport and xine-check) create temporary files in an insecure manner. A malicious local user could take advantage of this issue by mounting a symbolic-link attack to corrupt other system files, most likely resulting in the destruction of data. Privilege escalation is also possible. This issue occurs only when the vulnerable scripts are run to submit a bug report to the vendor.

Note that xine-bugreport and xine-check are separate instances of the same script.