CVE-2009-1144

High

Description

Untrusted search path vulnerability in the Gentoo package of Xpdf before 3.02-r2 allows local users to gain privileges via a Trojan horse xpdfrc file in the current working directory, related to an unset SYSTEM_XPDFRC macro in a Gentoo build process that uses the poppler library.

References

http://www.securityfocus.com/bid/34401

http://security.gentoo.org/glsa/glsa-200904-07.xml

http://secunia.com/advisories/34610

http://osvdb.org/53529

http://bugs.gentoo.org/show_bug.cgi?id=242930

http://bugs.gentoo.org/show_bug.cgi?id=200023

Details

Source: Mitre, NVD

Published: 2009-04-09

Updated: 2019-03-06

Risk Information

CVSS v2

Base Score: 6.9

Vector: CVSS2#AV:L/AC:M/Au:N/C:C/I:C/A:C

Severity: Medium

CVSS v3

Base Score: 7.3

Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H

Severity: High