zxpdf in xpdf before 3.02-19 as packaged in Debian unstable and 3.02-12+squeeze1 as packaged in Debian squeeze deletes temporary files insecurely, which allows remote attackers to delete arbitrary files via a crafted .pdf.gz file name.
References
Link | Resource |
---|---|
https://security-tracker.debian.org/tracker/CVE-2011-2902/ | Third Party Advisory |
https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=635849 | Third Party Advisory |
http://www.openwall.com/lists/oss-security/2014/02/08/5 | Mailing List Third Party Advisory |
Information
Published : 2018-01-30 12:29
Updated : 2018-02-23 07:57
NVD link : CVE-2011-2902
Mitre link : CVE-2011-2902
JSON object : View
CWE
CWE-20
Improper Input Validation
Products Affected
glyphandcog
- xpdf
debian
- debian_linux