PT-2009-3706 · Gentoo · Xpdf+1
Erik Wallin
·
Published
2009-04-09
·
Updated
2019-03-06
·
CVE-2009-1144
CVSS v2.0
6.9
Medium
| Vector | AV:L/AC:M/Au:N/C:C/I:C/A:C |
Name of the Vulnerable Software and Affected Versions
Xpdf versions prior to 3.02-r2
Description
The issue is related to an untrusted search path vulnerability in the Gentoo package of Xpdf. This vulnerability allows local users to gain privileges via a Trojan horse xpdfrc file in the current working directory. The problem is connected to an unset SYSTEM XPDFRC macro in a Gentoo build process that utilizes the poppler library.
Recommendations
For Xpdf versions prior to 3.02-r2, update to version 3.02-r2 or later to resolve the issue.
Fix
Code Injection
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Xpdf
Poppler