CVE-2007-6358

2007-12-1500:00:00

ubuntu.com

0.0004 Low

EPSS

Percentile

5.2%

JSON

pdftops.pl before 1.20 in alternate pdftops filter allows local users to
overwrite arbitrary files via a symlink attack on the pdfin.[PID].tmp
temporary file, which is created when pdftops reads a PDF file from stdin,
such as when pdftops is invoked by CUPS.

Bugs

<http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=456960>

Notes

Author	Note
jdstrand	from Debian: NOTE: the debian package is a bit confusing here as it also ships a pdftops NOTE: wrapper script as an example but the original script is installed NOTE: under /usr/lib/cups/filters

OSVersionArchitecturePackageVersionFilename
ubuntu6.06noarchcupsys< 1.2.2-0ubuntu0.6.06.6UNKNOWN
ubuntu6.10noarchcupsys< 1.2.4-2ubuntu3.2UNKNOWN
ubuntu7.04noarchcupsys< 1.2.8-0ubuntu8.2UNKNOWN
ubuntu7.10noarchcupsys< 1.3.2-1ubuntu7.3UNKNOWN

OS	Version	Architecture	Package	Version	Filename
ubuntu	6.06	noarch	cupsys	< 1.2.2-0ubuntu0.6.06.6	UNKNOWN
ubuntu	6.10	noarch	cupsys	< 1.2.4-2ubuntu3.2	UNKNOWN
ubuntu	7.04	noarch	cupsys	< 1.2.8-0ubuntu8.2	UNKNOWN
ubuntu	7.10	noarch	cupsys	< 1.3.2-1ubuntu7.3	UNKNOWN