Vulnerability Description
Untrusted search path vulnerability in the Gentoo package of Xpdf before 3.02-r2 allows local users to gain privileges via a Trojan horse xpdfrc file in the current working directory, related to an unset SYSTEM_XPDFRC macro in a Gentoo build process that uses the poppler library.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Foolabs | Xpdf | 0.5a |
| Glyphandcog | Xpdfreader | <= 3.02 |
| Gentoo | Gentoo Linux | All versions |
Related Weaknesses (CWE)
References
- http://bugs.gentoo.org/show_bug.cgi?id=200023 (Vendor Advisory)
- http://bugs.gentoo.org/show_bug.cgi?id=242930 (Vendor Advisory)
- http://osvdb.org/53529
- http://secunia.com/advisories/34610 (Vendor Advisory)
- http://security.gentoo.org/glsa/glsa-200904-07.xml
- http://www.securityfocus.com/bid/34401
FAQ
What is CVE-2009-1144?
CVE-2009-1144 is a vulnerability with a CVSS score of 6.9 (MEDIUM). Untrusted search path vulnerability in the Gentoo package of Xpdf before 3.02-r2 allows local users to gain privileges via a Trojan horse xpdfrc file in the current working directory, related to an un...
How severe is CVE-2009-1144?
CVE-2009-1144 has been rated MEDIUM with a CVSS base score of 6.9/10. Review the CVSS metrics above for a detailed severity breakdown.
Is there a patch for CVE-2009-1144?
Check the references section above for vendor advisories and patch information. Affected products include: Foolabs Xpdf, Glyphandcog Xpdfreader, Gentoo Gentoo Linux.