CVE-2009-1144

Untrusted search path vulnerability in the Gentoo package of Xpdf before 3.02-r2 allows local users to gain privileges via a Trojan horse xpdfrc file in the current working directory, related to an unset SYSTEM_XPDFRC macro in a Gentoo build process that uses the poppler library.
Code Injection
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
6.9 UNKNOWN
LOCAL
MEDIUM
AV:L/AC:M/Au:N/C:C/I:C/A:C
mitreCNA
---
---
CVEADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 26%
VendorProductVersion
foolabsxpdf
0.5a:a
foolabsxpdf
0.7a:a
foolabsxpdf
0.91a:a
foolabsxpdf
0.91b:b
foolabsxpdf
0.91c:c
foolabsxpdf
0.92a:a
foolabsxpdf
0.92b:b
foolabsxpdf
0.92c:c
foolabsxpdf
0.92d:d
foolabsxpdf
0.92e:e
foolabsxpdf
0.93a:a
foolabsxpdf
0.93b:b
foolabsxpdf
0.93c:c
foolabsxpdf
1.00a:a
glyphandcogxpdfreader
𝑥
≤ 3.02
glyphandcogxpdfreader
0.2
glyphandcogxpdfreader
0.3
glyphandcogxpdfreader
0.4
glyphandcogxpdfreader
0.5
glyphandcogxpdfreader
0.6
glyphandcogxpdfreader
0.7
glyphandcogxpdfreader
0.80
glyphandcogxpdfreader
0.90
glyphandcogxpdfreader
0.91
glyphandcogxpdfreader
0.93
glyphandcogxpdfreader
1.00
glyphandcogxpdfreader
1.01
glyphandcogxpdfreader
2.00
glyphandcogxpdfreader
2.01
glyphandcogxpdfreader
2.02
glyphandcogxpdfreader
2.03
glyphandcogxpdfreader
3.00
𝑥
= Vulnerable software versions
Debian logo
Debian Releases
Debian Product
Codename
xpdf
bullseye
3.04+git20210103-3
fixed
bookworm
3.04+git20220601-1
fixed
sid
3.04+git20240613-1
fixed
trixie
3.04+git20240613-1
fixed
Common Weakness Enumeration
References
http://bugs.gentoo.org/show_bug.cgi?id=200023
http://bugs.gentoo.org/show_bug.cgi?id=242930
http://osvdb.org/53529
http://secunia.com/advisories/34610
http://security.gentoo.org/glsa/glsa-200904-07.xml
http://www.securityfocus.com/bid/34401
http://bugs.gentoo.org/show_bug.cgi?id=200023
http://bugs.gentoo.org/show_bug.cgi?id=242930
http://osvdb.org/53529
http://secunia.com/advisories/34610
http://security.gentoo.org/glsa/glsa-200904-07.xml
http://www.securityfocus.com/bid/34401