CVE-2013-4472

Name of the Vulnerable Software and Affected Versions Xpdf versions prior to 0.24.4 Poppler versions prior to 0.24.4

Description The issue allows local users to overwrite arbitrary files via a symlink attack on temporary files with predictable names, specifically when the openTempFile function in goo/gfile.cc is used on a system other than Unix.

Recommendations For Xpdf versions prior to 0.24.4, update to version 0.24.4 or later to resolve the issue. For Poppler versions prior to 0.24.4, update to version 0.24.4 or later to resolve the issue. As a temporary workaround, consider restricting access to the openTempFile function in goo/gfile.cc to minimize the risk of exploitation.