CVE-2009-1144

Published on: 04/09/2009 12:00:00 AM UTC

Last Modified on: 03/23/2021 11:25:26 PM UTC

CVSS2 Vector: AV:L/AC:M/Au:N/C:C/I:C/A:C

Certain versions of Xpdf from Foolabs contain the following vulnerability:

Untrusted search path vulnerability in the Gentoo package of Xpdf before 3.02-r2 allows local users to gain privileges via a Trojan horse xpdfrc file in the current working directory, related to an unset SYSTEM_XPDFRC macro in a Gentoo build process that uses the poppler library.

CVSS2 Score: 6.9 - MEDIUM

Access Vector: LOCAL
Access Complexity: MEDIUM
Authentication: NONE
Confidentiality Impact: COMPLETE
Integrity Impact: COMPLETE
Availability Impact: COMPLETE

CVE References

  • CONFIRM bugs.gentoo.org/show_bug.cgi?id=200023: Gentoo Bug 200023 - app-text/xpdf-3.02-r1 - /etc/xpdfrc setting are not taking effect (bugs.gentoo.org; Vendor Advisory)
  • BID 34401 (cve.report archive)
  • OSVDB 53529 (osvdb.org; inactive link, not archived)
  • SECUNIA 34610: Gentoo update for xpdf - Secunia.com (web.archive.org; Vendor Advisory)
  • CONFIRM bugs.gentoo.org/show_bug.cgi?id=242930: Gentoo Bug 242930 (bugs.gentoo.org; Vendor Advisory)
  • GENTOO GLSA-200904-07: Gentoo Linux Documentation -- Xpdf: Untrusted search path (security.gentoo.org)

Known Affected Configurations (CPE V2.3)

Type              Vendor       Product       Version  Update  Edition  Language
Application       Foolabs      Xpdf          0.5a     All     All      All
Application       Foolabs      Xpdf          0.7a     All     All      All
Application       Foolabs      Xpdf          0.91a    All     All      All
Application       Foolabs      Xpdf          0.91b    All     All      All
Application       Foolabs      Xpdf          0.91c    All     All      All
Application       Foolabs      Xpdf          0.92a    All     All      All
Application       Foolabs      Xpdf          0.92b    All     All      All
Application       Foolabs      Xpdf          0.92c    All     All      All
Application       Foolabs      Xpdf          0.92d    All     All      All
Application       Foolabs      Xpdf          0.92e    All     All      All
Application       Foolabs      Xpdf          0.93a    All     All      All
Application       Foolabs      Xpdf          0.93b    All     All      All
Application       Foolabs      Xpdf          0.93c    All     All      All
Application       Foolabs      Xpdf          1.00a    All     All      All
Operating System  Gentoo       Gentoo Linux  All      All     All      All
Application       Glyphandcog  Xpdfreader    0.2      All     All      All
Application       Glyphandcog  Xpdfreader    0.3      All     All      All
Application       Glyphandcog  Xpdfreader    0.4      All     All      All
Application       Glyphandcog  Xpdfreader    0.5      All     All      All
Application       Glyphandcog  Xpdfreader    0.6      All     All      All
Application       Glyphandcog  Xpdfreader    0.7      All     All      All
Application       Glyphandcog  Xpdfreader    0.80     All     All      All
Application       Glyphandcog  Xpdfreader    0.90     All     All      All
Application       Glyphandcog  Xpdfreader    0.91     All     All      All
Application       Glyphandcog  Xpdfreader    0.93     All     All      All
Application       Glyphandcog  Xpdfreader    1.00     All     All      All
Application       Glyphandcog  Xpdfreader    1.01     All     All      All
Application       Glyphandcog  Xpdfreader    2.00     All     All      All
Application       Glyphandcog  Xpdfreader    2.01     All     All      All
Application       Glyphandcog  Xpdfreader    2.02     All     All      All
Application       Glyphandcog  Xpdfreader    2.03     All     All      All
Application       Glyphandcog  Xpdfreader    3.00     All     All      All
Application       Glyphandcog  Xpdfreader    All      All     All      All

  • cpe:2.3:a:foolabs:xpdf:0.5a:*:*:*:*:*:*:*:
  • cpe:2.3:a:foolabs:xpdf:0.7a:*:*:*:*:*:*:*:
  • cpe:2.3:a:foolabs:xpdf:0.91a:*:*:*:*:*:*:*:
  • cpe:2.3:a:foolabs:xpdf:0.91b:*:*:*:*:*:*:*:
  • cpe:2.3:a:foolabs:xpdf:0.91c:*:*:*:*:*:*:*:
  • cpe:2.3:a:foolabs:xpdf:0.92a:*:*:*:*:*:*:*:
  • cpe:2.3:a:foolabs:xpdf:0.92b:*:*:*:*:*:*:*:
  • cpe:2.3:a:foolabs:xpdf:0.92c:*:*:*:*:*:*:*:
  • cpe:2.3:a:foolabs:xpdf:0.92d:*:*:*:*:*:*:*:
  • cpe:2.3:a:foolabs:xpdf:0.92e:*:*:*:*:*:*:*:
  • cpe:2.3:a:foolabs:xpdf:0.93a:*:*:*:*:*:*:*:
  • cpe:2.3:a:foolabs:xpdf:0.93b:*:*:*:*:*:*:*:
  • cpe:2.3:a:foolabs:xpdf:0.93c:*:*:*:*:*:*:*:
  • cpe:2.3:a:foolabs:xpdf:1.00a:*:*:*:*:*:*:*:
  • cpe:2.3:o:gentoo:gentoo_linux:*:*:*:*:*:*:*:*:
  • cpe:2.3:a:glyphandcog:xpdfreader:0.2:*:*:*:*:*:*:*:
  • cpe:2.3:a:glyphandcog:xpdfreader:0.3:*:*:*:*:*:*:*:
  • cpe:2.3:a:glyphandcog:xpdfreader:0.4:*:*:*:*:*:*:*:
  • cpe:2.3:a:glyphandcog:xpdfreader:0.5:*:*:*:*:*:*:*:
  • cpe:2.3:a:glyphandcog:xpdfreader:0.6:*:*:*:*:*:*:*:
  • cpe:2.3:a:glyphandcog:xpdfreader:0.7:*:*:*:*:*:*:*:
  • cpe:2.3:a:glyphandcog:xpdfreader:0.80:*:*:*:*:*:*:*:
  • cpe:2.3:a:glyphandcog:xpdfreader:0.90:*:*:*:*:*:*:*:
  • cpe:2.3:a:glyphandcog:xpdfreader:0.91:*:*:*:*:*:*:*:
  • cpe:2.3:a:glyphandcog:xpdfreader:0.93:*:*:*:*:*:*:*:
  • cpe:2.3:a:glyphandcog:xpdfreader:1.00:*:*:*:*:*:*:*:
  • cpe:2.3:a:glyphandcog:xpdfreader:1.01:*:*:*:*:*:*:*:
  • cpe:2.3:a:glyphandcog:xpdfreader:2.00:*:*:*:*:*:*:*:
  • cpe:2.3:a:glyphandcog:xpdfreader:2.01:*:*:*:*:*:*:*:
  • cpe:2.3:a:glyphandcog:xpdfreader:2.02:*:*:*:*:*:*:*:
  • cpe:2.3:a:glyphandcog:xpdfreader:2.03:*:*:*:*:*:*:*:
  • cpe:2.3:a:glyphandcog:xpdfreader:3.00:*:*:*:*:*:*:*:
  • cpe:2.3:a:glyphandcog:xpdfreader:*:*:*:*:*:*:*:*: