{"id":"UBUNTU-CVE-2024-34490","details":"In Maxima through 5.47.0 before 51704c, the plotting facilities make use of predictable names under /tmp. Thus, the contents may be controlled by a local attacker who can create files in advance with these names. This affects, for example, plot2d.","modified":"2026-01-20T19:11:47.792667Z","published":"2024-05-05T03:15:00Z","upstream":["CVE-2024-34490"],"references":[{"type":"REPORT","url":"https://ubuntu.com/security/CVE-2024-34490"},{"type":"REPORT","url":"https://www.cve.org/CVERecord?id=CVE-2024-34490"},{"type":"REPORT","url":"https://sourceforge.net/p/maxima/bugs/3755/"}],"affected":[{"package":{"name":"maxima","ecosystem":"Ubuntu:16.04:LTS","purl":"pkg:deb/ubuntu/maxima@5.37.2-8?arch=source&distro=xenial"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"}]}],"versions":["5.36.1-1","5.37.2-8"],"ecosystem_specific":{"binaries":[{"binary_version":"5.37.2-8","binary_name":"maxima"},{"binary_version":"5.37.2-8","binary_name":"maxima-emacs"},{"binary_version":"5.37.2-8","binary_name":"maxima-share"},{"binary_version":"5.37.2-8","binary_name":"maxima-src"},{"binary_version":"5.37.2-8","binary_name":"maxima-test"},{"binary_version":"5.37.2-8","binary_name":"xmaxima"}]},"database_specific":{"source":"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/cve/2024/UBUNTU-CVE-2024-34490.json"}},{"package":{"name":"maxima","ecosystem":"Ubuntu:18.04:LTS","purl":"pkg:deb/ubuntu/maxima@5.41.0-3?arch=source&distro=bionic"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"}]}],"versions":["5.40.0-1","5.40.0-3","5.41.0-1","5.41.0-3"],"ecosystem_specific":{"binaries":[{"binary_version":"5.41.0-3","binary_name":"maxima"},{"binary_version":"5.41.0-3","binary_name":"maxima-emacs"},{"binary_version":"5.41.0-3","binary_name":"maxima-share"},{"binary_version":"5.41.0-3","binary_name":"maxima-src"},{"binary_version":"5.41.0-3","binary_name":"maxima-test"},{"binary_version":"5.41.0-3","binary_name":"xmaxima"}]},"database_specific":{"source":"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/cve/2024/UBUNTU-CVE-2024-34490.json"}},{"package":{"name":"maxima","ecosystem":"Ubuntu:20.04:LTS","purl":"pkg:deb/ubuntu/maxima@5.43.2-3?arch=source&distro=focal"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"}]}],"versions":["5.42.1-1build1","5.43.0-3","5.43.2-2","5.43.2-3"],"ecosystem_specific":{"binaries":[{"binary_version":"5.43.2-3","binary_name":"maxima"},{"binary_version":"5.43.2-3","binary_name":"maxima-emacs"},{"binary_version":"5.43.2-3","binary_name":"maxima-share"},{"binary_version":"5.43.2-3","binary_name":"maxima-src"},{"binary_version":"5.43.2-3","binary_name":"maxima-test"},{"binary_version":"5.43.2-3","binary_name":"xmaxima"}]},"database_specific":{"source":"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/cve/2024/UBUNTU-CVE-2024-34490.json"}},{"package":{"name":"maxima","ecosystem":"Ubuntu:22.04:LTS","purl":"pkg:deb/ubuntu/maxima@5.45.1-8?arch=source&distro=jammy"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"}]}],"versions":["5.44.0-3","5.45.1-2","5.45.1-4","5.45.1-5","5.45.1-6","5.45.1-7","5.45.1-8"],"ecosystem_specific":{"binaries":[{"binary_version":"5.45.1-8","binary_name":"maxima"},{"binary_version":"5.45.1-8","binary_name":"maxima-emacs"},{"binary_version":"5.45.1-8","binary_name":"maxima-share"},{"binary_version":"5.45.1-8","binary_name":"maxima-src"},{"binary_version":"5.45.1-8","binary_name":"maxima-test"},{"binary_version":"5.45.1-8","binary_name":"xmaxima"}]},"database_specific":{"source":"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/cve/2024/UBUNTU-CVE-2024-34490.json"}},{"package":{"name":"maxima","ecosystem":"Ubuntu:24.04:LTS","purl":"pkg:deb/ubuntu/maxima@5.46.0-11build3?arch=source&distro=noble"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"}]}],"versions":["5.45.1-8","5.46.0-11build3"],"ecosystem_specific":{"binaries":[{"binary_version":"5.46.0-11build3","binary_name":"maxima"},{"binary_version":"5.46.0-11build3","binary_name":"maxima-emacs"},{"binary_version":"5.46.0-11build3","binary_name":"maxima-share"},{"binary_version":"5.46.0-11build3","binary_name":"maxima-src"},{"binary_version":"5.46.0-11build3","binary_name":"maxima-test"},{"binary_version":"5.46.0-11build3","binary_name":"xmaxima"}]},"database_specific":{"source":"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/cve/2024/UBUNTU-CVE-2024-34490.json"}},{"package":{"name":"maxima","ecosystem":"Ubuntu:25.10","purl":"pkg:deb/ubuntu/maxima@5.47.0-8?arch=source&distro=questing"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"}]}],"versions":["5.47.0-5","5.47.0-7","5.47.0-8"],"ecosystem_specific":{"binaries":[{"binary_version":"5.47.0-8","binary_name":"maxima"},{"binary_version":"5.47.0-8","binary_name":"maxima-emacs"},{"binary_version":"5.47.0-8","binary_name":"maxima-share"},{"binary_version":"5.47.0-8","binary_name":"maxima-src"},{"binary_version":"5.47.0-8","binary_name":"maxima-test"},{"binary_version":"5.47.0-8","binary_name":"xmaxima"}]},"database_specific":{"source":"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/cve/2024/UBUNTU-CVE-2024-34490.json"}}],"schema_version":"1.7.3","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:H"},{"type":"Ubuntu","score":"medium"}]}