LAYER: meta-agl-demo
PACKAGE NAME: flite
PACKAGE VERSION: 1.06
CVE: CVE-2014-0027
CVE STATUS: Patched
CVE SUMMARY: The play_wave_from_socket function in audio/auserver.c in Flite 1.4 allows local users to modify arbitrary files via a symlink attack on /tmp/awb.wav.  NOTE: some of these details are obtained from third party information.
CVSS v2 BASE SCORE: 3.3
CVSS v3 BASE SCORE: 0.0
VECTOR: LOCAL
VECTORSTRING: AV:L/AC:M/Au:N/C:P/I:P/A:N
MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2014-0027