CVE-2013-4472
poppler < 0.24.3 - Arbitrary File Overwrite via Symlink Attack on Predictable Temporary Files
The openTempFile function in goo/gfile.cc in Xpdf and Poppler 0.24.3 and earlier, when running on a system other than Unix, allows local users to overwrite arbitrary files via a symlink attack on temporary files with predictable names.
References (4)
Mailing List (mailing-list, x_refsource_mlist): http://seclists.org/oss-sec/2013/q4/183
Third Party Advisory, VDB Entry (vdb-entry, x_refsource_osvdb): http://osvdb.org/99064
Mailing List (mailing-list, x_refsource_mlist): http://seclists.org/oss-sec/2013/q4/181
Various Sources (x_refsource_confirm): http://poppler.freedesktop.org/releases.html
Scores
EPSS: 0.0037
EPSS Percentile: 28.3%
Details
CWE: CWE-59
Status: published
Products (4)
freedesktop/poppler 0.24.0
freedesktop/poppler 0.24.1
freedesktop/poppler 0.24.2
freedesktop/poppler < 0.24.3
Published: Apr 22, 2014
Tracked Since: Feb 18, 2026