CVSS2
Attack Vector
LOCAL
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
COMPLETE
Availability Impact
NONE
AV:L/AC:L/Au:N/C:N/I:C/A:N
EPSS
Percentile
5.1%
pdftops.pl before 1.20 in alternate pdftops filter allows local users to
overwrite arbitrary files via a symlink attack on the pdfin.[PID].tmp
temporary file, which is created when pdftops reads a PDF file from stdin,
such as when pdftops is invoked by CUPS.
Author | Note |
---|---|
jdstrand | from Debian: NOTE: the debian package is a bit confusing here as it also ships a pdftops NOTE: wrapper script as an example but the original script is installed NOTE: under /usr/lib/cups/filters |