CVE-2011-2902

Name of the Vulnerable Software and Affected Versions xpdf versions prior to 3.02-19 xpdf version 3.02-12+squeeze1

Description The issue allows remote attackers to delete arbitrary files via a crafted .pdf.gz file name, due to insecure temporary file deletion in zxpdf.

Recommendations For xpdf versions prior to 3.02-19, update to version 3.02-19 or later. For xpdf version 3.02-12+squeeze1, consider upgrading to a newer version or applying security patches if available. At the moment, there is no information about additional mitigation measures for this specific issue.