CVSS2
Attack Vector
LOCAL
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:L/AC:M/Au:N/C:C/I:C/A:C
AI Score
Confidence
Low
EPSS
Percentile
5.1%
pdfjam creates the (1) pdf90, (2) pdfjoin, and (3) pdfnup files with a predictable name, which allows local users to overwrite arbitrary files via a symlink attack.
secunia.com/advisories/33278
secunia.com/advisories/34312
www.openwall.com/lists/oss-security/2008/12/19/3
www.securityfocus.com/bid/32931
bugzilla.novell.com/show_bug.cgi?id=459031
exchange.xforce.ibmcloud.com/vulnerabilities/47519
www.redhat.com/archives/fedora-package-announce/2009-March/msg00484.html
www.redhat.com/archives/fedora-package-announce/2009-March/msg00488.html