CVE-2011-2902
published 2018-01-30CVE-2011-2902: zxpdf in xpdf before 3.02-19 as packaged in Debian unstable and 3.02-12+squeeze1 as packaged in Debian squeeze deletes temporary files insecurely, which allows…
medium5.3CVSS 3.0
AVNACLPRNUINSUCNILAN
zxpdf in xpdf before 3.02-19 as packaged in Debian unstable and 3.02-12+squeeze1 as packaged in Debian squeeze deletes temporary files insecurely, which allows remote attackers to delete arbitrary files via a crafted .pdf.gz file name.
Affected
9 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| debian | debian_linux | — | — |
| debian | debian_linux | — | — |
| debian | debian_linux | — | — |
| debian | xpdf | < xpdf 3.02-19 (bookworm) | xpdf 3.02-19 (bookworm) |
| glyphandcog | xpdf | < 3.02-19 | 3.02-19 |
| xpdf | xpdf | >= 0 < 3.02-19 | 3.02-19 |
| xpdf | xpdf | >= 0 < 3.02-19 | 3.02-19 |
| xpdf | xpdf | >= 0 < 3.02-19 | 3.02-19 |
| xpdf | xpdf | >= 0 < 3.02-19 | 3.02-19 |
CVSS provenance
nvdv3.05.3MEDIUMCVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
osv5.3MEDIUM