CVE-2009-1144
Xpdf - Untrusted Search Path Privilege Escalation via xpdfrc File
Untrusted search path vulnerability in the Gentoo package of Xpdf before 3.02-r2 allows local users to gain privileges via a Trojan horse xpdfrc file in the current working directory, related to an unset SYSTEM_XPDFRC macro in a Gentoo build process that uses the poppler library.
References (6)
Core References
http://secunia.com/advisories/34610 (Vendor Advisory, third-party-advisory, x_refsource_secunia)
http://security.gentoo.org/glsa/glsa-200904-07.xml (Third Party Advisory, vendor-advisory, x_refsource_gentoo)
http://bugs.gentoo.org/show_bug.cgi?id=200023 (Vendor Advisory, x_refsource_confirm)
http://bugs.gentoo.org/show_bug.cgi?id=242930 (Vendor Advisory, x_refsource_confirm)
http://www.securityfocus.com/bid/34401 (Third Party Advisory, VDB Entry, vdb-entry, x_refsource_bid)
http://osvdb.org/53529 (Third Party Advisory, VDB Entry, vdb-entry, x_refsource_osvdb)
Scores
EPSS: 0.0040
EPSS Percentile: 32.0%
Details
CWE: CWE-94
Status: published
Products (32)
foolabs/xpdf 0.5a
foolabs/xpdf 0.7a
foolabs/xpdf 0.91a
foolabs/xpdf 0.91b
foolabs/xpdf 0.91c
foolabs/xpdf 0.92a
foolabs/xpdf 0.92b
foolabs/xpdf 0.92c
foolabs/xpdf 0.92d
foolabs/xpdf 0.92e
... and 22 more
Published: Apr 09, 2009
Tracked Since: Feb 18, 2026