CVE-2011-2902

Published: Jan 30, 2018Modified: Nov 21, 2024

5.3

Vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N

Exploitability: 3.9 / Impact: 1.4

Source: NVD

Description

zxpdf in xpdf before 3.02-19 as packaged in Debian unstable and 3.02-12+squeeze1 as packaged in Debian squeeze deletes temporary files insecurely, which allows remote attackers to delete arbitrary files via a crafted .pdf.gz file name.

Affected (4)

Products: Glyphandcog: Xpdf · Debian: Debian Linux

1 product

1 product

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
Glyphandcog Xpdf	Before 3.02-19

Configuration B

3 vulnerable

Vulnerable Software	Affected Versions
Debian Debian Linux	Version 7.0
Debian Debian Linux	Version 8.0
Debian Debian Linux	Version 9.0

Related CWEs

CWE-20

Improper Input Validation

The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.

References (6)

http://www.openwall.com/lists/oss-security/2014/02/08/5

Source: secalert@redhat.com

Mailing ListThird Party Advisory

https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=635849

Source: secalert@redhat.com

Third Party Advisory

https://security-tracker.debian.org/tracker/CVE-2011-2902/

Source: secalert@redhat.com

Third Party Advisory

http://www.openwall.com/lists/oss-security/2014/02/08/5

Source: af854a3a-2127-422b-91ae-364da2661108

Mailing ListThird Party Advisory

https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=635849

Source: af854a3a-2127-422b-91ae-364da2661108

Third Party Advisory

https://security-tracker.debian.org/tracker/CVE-2011-2902/

Source: af854a3a-2127-422b-91ae-364da2661108

Third Party Advisory

Timeline

No history available yet.