Erik Wallin

**Name of the Vulnerable Software and Affected Versions** Xpdf versions prior to 3.02-r2 **Description** The issue is related to an untrusted search path vulnerability in the Gentoo package of Xpdf. This vulnerability allows local users to gain privileges via a Trojan horse xpdfrc file in the current working directory. The problem is connected to an unset SYSTEM XPDFRC macro in a Gentoo build process that utilizes the poppler library. **Recommendations** For Xpdf versions prior to 3.02-r2, update to version 3.02-r2 or later to resolve the issue.