Arbitrary File Creation Via A Race Condition

didjvu allows malicious local users to create arbitrary files due to insecure use of /tmp. didjvu creates a unique temporary file directly in /tmp or in $TMPDIR, and passes the name of this file to c44, which will then be used as the output filename. Unfortunately, c44 deletes the output file, an...

didjvu and pdf2djvu Insecure Temporary File Creation Vulnerability

didjvu is a Python module, which uses a separate Kamera framework, foreground and background layers, and then into the DjVu file encoding. pdf2DjVu's main function is to djvu to pdf, is a command line djvu format, pdf format, inter-conversion tool. didjvu and pdf2djvu in the existence of security...