Description
pdfjam creates the (1) pdf90, (2) pdfjoin, and (3) pdfnup files with a predictable name, which allows local users to overwrite arbitrary files via a symlink attack.
References (8)
Core 8
Core References
Third Party Advisory, VDB Entry vdb-entry
x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/47519
Third Party Advisory third-party-advisory
x_refsource_secunia
http://secunia.com/advisories/33278
Exploit x_refsource_misc
https://bugzilla.novell.com/show_bug.cgi?id=459031
Vendor Advisory vendor-advisory
x_refsource_fedora
https://www.redhat.com/archives/fedora-package-announce/2009-March/msg00488.html
Vendor Advisory vendor-advisory
x_refsource_fedora
https://www.redhat.com/archives/fedora-package-announce/2009-March/msg00484.html
Exploit mailing-list
x_refsource_mlist
http://www.openwall.com/lists/oss-security/2008/12/19/3
Third Party Advisory third-party-advisory
x_refsource_secunia
http://secunia.com/advisories/34312
Third Party Advisory, VDB Entry vdb-entry
x_refsource_bid
http://www.securityfocus.com/bid/32931
Scores
EPSS
0.0041
EPSS Percentile
32.3%
Details
CWE
CWE-59
Status
published
Products (1)
pdfjam/pdfjam
_nil_
Published
Dec 26, 2008
Tracked Since
Feb 18, 2026