{"id":"CVE-2014-1624","details":"Race condition in the xdg.BaseDirectory.get_runtime_dir function in python-xdg 0.25 allows local users to overwrite arbitrary files by pre-creating /tmp/pyxdg-runtime-dir-fallback-victim to point to a victim-owned location, then replacing it with a symlink to an attacker-controlled location once the get_runtime_dir function is called.","aliases":["GHSA-7372-q459-jxhr","PYSEC-2014-95"],"modified":"2026-04-10T03:44:37.533389Z","published":"2014-01-28T00:55:04Z","related":["SUSE-SU-2019:2719-1","SUSE-SU-2019:2719-2"],"references":[{"type":"WEB","url":"http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=736247"},{"type":"WEB","url":"http://www.openwall.com/lists/oss-security/2014/01/21/3"},{"type":"WEB","url":"http://www.openwall.com/lists/oss-security/2014/01/21/4"},{"type":"WEB","url":"http://www.securityfocus.com/bid/65042"},{"type":"WEB","url":"https://exchange.xforce.ibmcloud.com/vulnerabilities/90618"}],"schema_version":"1.7.5"}