First published: Tue Jan 30 2018(Updated: )
zxpdf in xpdf before 3.02-19 as packaged in Debian unstable and 3.02-12+squeeze1 as packaged in Debian squeeze deletes temporary files insecurely, which allows remote attackers to delete arbitrary files via a crafted .pdf.gz file name.
Credit: secalert@redhat.com
Affected Software | Affected Version | How to fix |
---|---|---|
Glyphandcog Xpdf | <3.02-19 | |
Debian Debian Linux | =8.0 | |
Debian Debian Linux | =7.0 | |
Debian Debian Linux | =9.0 | |
debian/xpdf | 3.04+git20210103-3 3.04+git20220601-1 3.04+git20240613-1 |
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.