The (1) extract_keys_from_pdf and (2) fill_pdf functions in pdf_ext.py in logilab-commons prior to 0.61.0 allows local users to overwrite arbitrary files and possibly have other unspecified impact via a symlink attack on /tmp/toto.fdf.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
opensuse opensuse 13.1 |
||
opensuse opensuse 12.3 |
||
logilab logilab-common |