zxpdf in xpdf prior to 3.02-19 as packaged in Debian unstable and 3.02-12+squeeze1 as packaged in Debian squeeze deletes temporary files insecurely, which allows remote malicious users to delete arbitrary files via a crafted .pdf.gz file name.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
glyphandcog xpdf |
||
debian debian linux 8.0 |
||
debian debian linux 9.0 |
||
debian debian linux 7.0 |