Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2013-4472

Overview

Vulnerability Score 3.3 3.3
CVE Id CVE-2013-4472
Last Modified 23 Apr 2014 08:20:06
Published 22 Apr 2014 10:23:34
Confidentiality Impact NONE NONE
Integrity Impact PARTIAL PARTIAL
Availability Impact PARTIAL PARTIAL
Access Vector LOCAL
Access Complexity MEDIUM
Authentication NONE

CVE-2013-4472

Summary

The openTempFile function in goo/gfile.cc in Xpdf and Poppler 0.24.3 and earlier, when running on a system other than Unix, allows local users to overwrite arbitrary files via a symlink attack on temporary files with predictable names.

Vulnerable Systems

Application

  • Freedesktop Poppler 0.24.0

  • Freedesktop Poppler 0.24.1

  • Freedesktop Poppler 0.24.2

  • Freedesktop Poppler 0.24.3


References

MLIST - [oss-security] 20131028 Re: CVE request: 3 vulnerabilities in poppler and 1 in Xpdf

MLIST - [oss-security] 20131026 CVE request: 3 vulnerabilities in poppler and 1 in Xpdf

CONFIRM - http://poppler.freedesktop.org/releases.html

OSVDB - 99064


Last Updated: 27 May 2016 11:05:04