The openTempFile function in goo/gfile.cc in Xpdf and Poppler 0.24.3 and previous versions, when running on a system other than Unix, allows local users to overwrite arbitrary files via a symlink attack on temporary files with predictable names.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
freedesktop poppler 0.24.0 |
||
freedesktop poppler 0.24.2 |
||
freedesktop poppler 0.24.1 |
||
freedesktop poppler |