Karol Lewandowski

**Name of the Vulnerable Software and Affected Versions** chm2pdf version 0.9 **Description** The issue allows local users to cause a denial of service by creating directories with fixed names that chm2pdf uses for temporary files, leading to chm2pdf failure for other users. **Recommendations** For version 0.9, consider restricting access to the directories where chm2pdf creates temporary files to prevent unauthorized users from creating these directories and causing a denial of service. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** chm2pdf version 0.9 **Description** The issue allows user-assisted local users to delete arbitrary files via a symlink attack on .chm files in the /tmp/chm2pdf/work or /tmp/chm2pdf/orig temporary directories. **Recommendations** For chm2pdf version 0.9, consider restricting access to the temporary directories /tmp/chm2pdf/work and /tmp/chm2pdf/orig to prevent symlink attacks until a patch is available.

**Name of the Vulnerable Software and Affected Versions** LPRng versions 3.7.4 through 3.8.9 LPRng (affected versions not specified) lprng-doc (affected versions not specified) **Description** The issue allows local users to overwrite arbitrary files via a symbolic link attack on the /tmp/before file. Multiple vulnerabilities in the LPRng package can lead to disruption of confidentiality, integrity, and availability of protected information. These vulnerabilities can be exploited remotely or by a local attacker, depending on the context, and may result in the violation of data integrity. **Recommendations** For LPRng versions 3.7.4 through 3.8.9, consider restricting access to the psbanner functionality to minimize the risk of exploitation. For LPRng with unspecified affected versions, at the moment, there is no information about a newer version that contains a fix for this vulnerability. For lprng-doc with unspecified affected versions, avoid using the package until the issue is resolved or consider disabling the vulnerable components as a temporary workaround.