CVE-2007-6358
published 2007-12-15CVE-2007-6358: pdftops.pl before 1.20 in alternate pdftops filter allows local users to overwrite arbitrary files via a symlink attack on the pdfin.[PID].tmp temporary file…
medium4.9CVSS 3.1
AVLACLAuNCNICAN
pdftops.pl before 1.20 in alternate pdftops filter allows local users to overwrite arbitrary files via a symlink attack on the pdfin.[PID].tmp temporary file, which is created when pdftops reads a PDF file from stdin, such as when pdftops is invoked by CUPS.
Affected
6 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| apple | cups | >= 0 < 1.3.5-1 | 1.3.5-1 |
| apple | cups | >= 0 < 1.3.5-1 | 1.3.5-1 |
| apple | cups | >= 0 < 1.3.5-1 | 1.3.5-1 |
| apple | cups | >= 0 < 1.3.5-1 | 1.3.5-1 |
| debian | cups | < cups 1.3.5-1 (bookworm) | cups 1.3.5-1 (bookworm) |
| glyph_and_cog | pdftops | <= 1.1.19rc1 | — |
CVSS provenance
nvd4.9MEDIUMAV:L/AC:L/Au:N/C:N/I:C/A:N
osv4.9MEDIUM