CVE-2009-1144

Untrusted search path vulnerability in the Gentoo package of Xpdf before 3.02-r2 allows local users to gain privileges via a Trojan horse xpdfrc file in the current working directory, related to an unset SYSTEM_XPDFRC macro in a Gentoo build process that uses the poppler library.

Published: Apr 9, 2009
Updated: Apr 13, 2023
CVE: CVE-2009-1144
Severity: Medium
Exploit:

CVSS v2:

Severity: Medium
Score: 6.9
AV:L/AC:M/Au:N/C:C/I:C/A:C

CWEs:

CWE-94

Affected Software
References

Software	From	Fixed in
foolabs / xpdf	0.5a	0.5a.x
foolabs / xpdf	0.7a	0.7a.x
foolabs / xpdf	0.91a	0.91a.x
foolabs / xpdf	0.91b	0.91b.x
foolabs / xpdf	0.91c	0.91c.x
foolabs / xpdf	0.92a	0.92a.x
foolabs / xpdf	0.92b	0.92b.x
foolabs / xpdf	0.92c	0.92c.x
foolabs / xpdf	0.92d	0.92d.x
foolabs / xpdf	0.92e	0.92e.x
foolabs / xpdf	0.93a	0.93a.x
foolabs / xpdf	0.93b	0.93b.x
foolabs / xpdf	0.93c	0.93c.x
foolabs / xpdf	1.00a	1.00a.x
glyphandcog / xpdfreader	-	3.02.x
glyphandcog / xpdfreader	0.2	0.2.x
glyphandcog / xpdfreader	0.3	0.3.x
glyphandcog / xpdfreader	0.4	0.4.x
glyphandcog / xpdfreader	0.5	0.5.x
glyphandcog / xpdfreader	0.6	0.6.x
glyphandcog / xpdfreader	0.7	0.7.x
glyphandcog / xpdfreader	0.80	0.80.x
glyphandcog / xpdfreader	0.90	0.90.x
glyphandcog / xpdfreader	0.91	0.91.x
glyphandcog / xpdfreader	0.93	0.93.x
glyphandcog / xpdfreader	1.00	1.00.x
glyphandcog / xpdfreader	1.01	1.01.x
glyphandcog / xpdfreader	2.00	2.00.x
glyphandcog / xpdfreader	2.01	2.01.x
glyphandcog / xpdfreader	2.02	2.02.x
glyphandcog / xpdfreader	2.03	2.03.x
glyphandcog / xpdfreader	3.00	3.00.x

Vulnerability Database

289,599

CVE-2009-1144