Lucene search
Gentoo FoundationGLSA-200904-07HistoryApr 07, 2009 - 12:00 a.m.
Xpdf: Untrusted search path
2009-04-0700:00:00
Gentoo Foundation
security.gentoo.org
12
0.0004 Low
EPSS
Percentile
5.2%
Background
Xpdf is a PDF file viewer that runs under the X Window System.
Description
Erik Wallin reported that Gentoo’s Xpdf attempts to read the “xpdfrc” file from the current working directory if it cannot find a “.xpdfrc” file in the user’s home directory. This is caused by a missing definition of the SYSTEM_XPDFRC macro when compiling a repackaged version of Xpdf.
Impact
A local attacker could entice a user to run “xpdf” from a directory containing a specially crafted “xpdfrc” file, resulting in the execution of arbitrary code when attempting to, e.g., print a file.
Workaround
Do not run Xpdf from untrusted working directories.
Resolution
All Xpdf users should upgrade to the latest version:
# emerge --sync
# emerge --ask --oneshot --verbose ">=app-text/xpdf-3.02-r2"
| OS | Version | Architecture | Package | Version | Filename |
|---|---|---|---|---|---|
| Gentoo | any | all | app-text/xpdf | < 3.02-r2 | UNKNOWN |
Related
securityvulns
securityvulns
[ GLSA 200904-07 ] Xpdf: Untrusted search path
2009-04-08 00:00:00
xpdf code execution
2009-04-08 00:00:00
debiancve
debiancve
CVE-2009-1144
2009-04-09 15:08:00
cvelist
cvelist
CVE-2009-1144
2009-04-09 15:00:00
cve
cve
CVE-2009-1144
2009-04-09 15:08:00
openvas
openvas
Gentoo Security Advisory GLSA 200904-07 (xpdf)
2009-04-15 00:00:00
Gentoo Security Advisory GLSA 200904-07 (xpdf)
2009-04-15 00:00:00
prion
prion
Design/Logic Flaw
2009-04-09 15:08:00
nessus
nessus
GLSA-200904-07 : Xpdf: Untrusted search path
2009-04-07 00:00:00