CVE-2013-4472
Published: 22 April 2014
The openTempFile function in goo/gfile.cc in Xpdf and Poppler 0.24.3 and earlier, when running on a system other than Unix, allows local users to overwrite arbitrary files via a symlink attack on temporary files with predictable names.
Notes
Author | Note |
---|---|
mdeslaur | windows/non-unix specific |
Priority
Status
Package | Release | Status |
---|---|---|
xpdf Launchpad, Ubuntu, Debian |
upstream |
Needs triage
|
lucid |
Not vulnerable
|
|
precise |
Not vulnerable
|
|
quantal |
Not vulnerable
|
|
raring |
Not vulnerable
|
|
saucy |
Not vulnerable
|
|
trusty |
Not vulnerable
|
|
poppler Launchpad, Ubuntu, Debian |
upstream |
Needs triage
|
lucid |
Not vulnerable
|
|
precise |
Not vulnerable
|
|
quantal |
Not vulnerable
|
|
raring |
Not vulnerable
|
|
saucy |
Not vulnerable
|
|
trusty |
Not vulnerable
|
|
libextractor Launchpad, Ubuntu, Debian |
upstream |
Needs triage
|
lucid |
Not vulnerable
|
|
precise |
Not vulnerable
|
|
quantal |
Not vulnerable
|
|
raring |
Not vulnerable
|
|
saucy |
Not vulnerable
|
|
trusty |
Not vulnerable
|
|
ipe Launchpad, Ubuntu, Debian |
upstream |
Needs triage
|
lucid |
Not vulnerable
|
|
precise |
Not vulnerable
|
|
quantal |
Not vulnerable
|
|
raring |
Not vulnerable
|
|
saucy |
Not vulnerable
|
|
trusty |
Not vulnerable
|