Openwall GNU/*/Linux - a small security-enhanced Linux distro for servers
[<prev] [next>] [<thread-prev] [day] [month] [year] [list]
Date: Tue, 9 Aug 2011 15:48:10 -0400 (EDT)
From: Josh Bressers <>
Cc: coley <>
Subject: Re: cve request: xpdf: insecure tempfile usage in
 zxpdf script

Please use CVE-2011-2902.



----- Original Message -----
> Hi,
> It was recently discovered that the compressed pdf handler script
> (zxpdf) that shipped in the Debian xpdf package handles tempfiles
> insecurely. Due to this flaw, a specifically-crafted pdf file name can
> be used to delete files from the user's system (by taking advantage of
> the tempfile cleanup trap; i.e. "rm -f <part of crafted file name>").
> Note that as of version 3.02-13 (uploaded to Debian unstable on March
> 4th, 2011), the zxpdf became the default xpdf pdf file handler. With
> this being a default, the problem was promulgated to a much wider user
> base; thus precipitating discovery of the flaw. I've now fixed the
> problem in version 3.02-19 (uploaded to unstable on July 29th, 2011,
> and
> entered testing on July 31st).
> Credit goes to Chung-chieh Shan from Harvard for discovering the
> issue.
> See his bug report for more background and details:
> Please assign an id.
> Thanks,
> Mike

Powered by blists - more mailing lists

Your e-mail address:

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.