CVE-2007-6358 — AND COG Pdftops vulnerability

7 documents7 sources

Severity

4.9MEDIUMNVD

EPSS

0.1%

top 79.22%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Apple Cups Glyph AND COG Pdftops

Timeline

PublishedDec 15

Latest updateMay 1

Description

pdftops.pl before 1.20 in alternate pdftops filter allows local users to overwrite arbitrary files via a symlink attack on the pdfin.[PID].tmp temporary file, which is created when pdftops reads a PDF file from stdin, such as when pdftops is invoked by CUPS.

CVSS vector

AV:L/AC:L/C:N/I:C/A:NExploitability: 3.9 | Impact: 6.9

Affected Packages2 packages

▶NVDglyph_and_cog/pdftops1.1.19rc1

▶Debianapple/cups< 1.3.5-1+3

🔴Vulnerability Details

GHSA

GHSA-25gm-5rg6-r2ph: pdftops↗2022-05-01

▶

CVEList

CVE-2007-6358: pdftops↗2007-12-15

▶

OSV

CVE-2007-6358: pdftops↗2007-12-15

▶

📋Vendor Advisories

Ubuntu

CUPS vulnerabilities↗2008-01-09

▶

Debian

CVE-2007-6358: cups - pdftops.pl before 1.20 in alternate pdftops filter allows local users to overwri...↗2007

▶

Red Hat

CVE-2007-6358: pdftops↗

▶