CVE-2009-1144

Xpdf - Untrusted Search Path Privilege Escalation via xpdfrc File

Description

Untrusted search path vulnerability in the Gentoo package of Xpdf before 3.02-r2 allows local users to gain privileges via a Trojan horse xpdfrc file in the current working directory, related to an unset SYSTEM_XPDFRC macro in a Gentoo build process that uses the poppler library.

References (6)

Core References
Vendor Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/34610
Third Party Advisory vendor-advisory x_refsource_gentoo
http://security.gentoo.org/glsa/glsa-200904-07.xml
Vendor Advisory x_refsource_confirm
http://bugs.gentoo.org/show_bug.cgi?id=200023
Vendor Advisory x_refsource_confirm
http://bugs.gentoo.org/show_bug.cgi?id=242930
Third Party Advisory, VDB Entry vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/34401
Third Party Advisory, VDB Entry vdb-entry x_refsource_osvdb
http://osvdb.org/53529

Scores

EPSS 0.0040
EPSS Percentile 32.0%

Details

CWE
CWE-94
Status published
Products (32)
foolabs/xpdf 0.5a
foolabs/xpdf 0.7a
foolabs/xpdf 0.91a
foolabs/xpdf 0.91b
foolabs/xpdf 0.91c
foolabs/xpdf 0.92a
foolabs/xpdf 0.92b
foolabs/xpdf 0.92c
foolabs/xpdf 0.92d
foolabs/xpdf 0.92e
... and 22 more
Published Apr 09, 2009
Tracked Since Feb 18, 2026