Gentoo · Xpdf · CVE-2009-1144
**Name of the Vulnerable Software and Affected Versions**
Xpdf versions prior to 3.02-r2
**Description**
The issue is related to an untrusted search path vulnerability in the Gentoo package of Xpdf. This vulnerability allows local users to gain privileges via a Trojan horse xpdfrc file in the current working directory. The problem is connected to an unset SYSTEM XPDFRC macro in a Gentoo build process that utilizes the poppler library.
**Recommendations**
For Xpdf versions prior to 3.02-r2, update to version 3.02-r2 or later to resolve the issue.